[Firehol-support] integration with large routing tables

Max Kutny mkutny at gmail.com
Tue Feb 15 16:20:08 GMT 2005


I have a box connected to numerous nets via a single interface, with
large routing tables (several thousand routing entries per net).
Moreover, this list is dynamic and periodically updated (every few
hours in my case).

In order to restrict traffic with iptables I generally do the following:

1. Create one user-defined chain per net. Rules and restrictions
specific to each net go here.

2. Create a single 'switching' user-defined table which is populated
with jumps to the net-specific rules:

iptables -A switch -d x.x.x.x/x -j net1
iptables -A switch -d y.y.y.y/y -j net2
... several thousand rules.

What is the best way to implement this in firehol?

I'm not sure the best solution is to define:

interface eth0 dst "net1 net2 net3 ... net_xxx"
commands1

interface eth0 dst "net_yyy ... net_zzz"
commands2


Thanks.

-- Max
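The per-net dispatch described in the post (one chain per net, plus a 'switch' chain full of prefix-to-chain jumps) is awkward to maintain with thousands of `iptables -A` invocations, because each call is a separate kernel round trip and a failure halfway leaves a half-built chain. The script below is an added example, not code from the post or from the FireHOL project: it reads a constructed "prefix chain" mapping file (the file name, the `net1`/`net2` chain names and the `switch` chain name are assumptions) and emits a filter-table fragment in iptables-restore format, so the whole set loads atomically. Malformed prefixes or chain names are rejected before anything is emitted, which matters when the mapping is regenerated automatically from a routing dump.

```shell
#!/bin/sh
# Added example (not from the original post or FireHOL): generate the
# "switch" chain dispatch in iptables-restore format.
#
# Mapping file format (constructed, one mapping per line): "<prefix> <chain>"
#   10.1.0.0/16 net1
#   192.0.2.0/24 net2
# Blank lines and lines starting with '#' are ignored.

# valid_prefix A.B.C.D/N -> returns 0 for a well-formed IPv4 prefix, 1 otherwise.
# Catches junk before iptables-restore sees it (a bad line aborts the whole load).
valid_prefix() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_chain NAME -> 0 if NAME is a plausible iptables chain name
# (letters, digits, '_' and '-', at most 28 characters), else 1.
valid_chain() {
    [ -n "$1" ] || return 1
    [ ${#1} -le 28 ] || return 1
    case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

# gen_switch_rules MAPFILE -> prints a "*filter ... COMMIT" fragment on stdout:
# a declaration for the switch chain and every net chain, then one
# "-A switch -d <prefix> -j <chain>" per mapping. Returns 1 (printing nothing)
# if any mapping line is malformed, so a truncated or corrupted route dump
# never produces a partial ruleset.
gen_switch_rules() {
    mapfile=$1
    tmp=$(mktemp) || return 1
    chains=""
    status=0
    while read -r prefix chain rest; do
        case "$prefix" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_prefix "$prefix" || ! valid_chain "$chain"; then
            echo "bad mapping line: '$prefix $chain $rest'" >&2
            status=1
            continue
        fi
        # Remember each distinct chain so it can be declared before use.
        case " $chains " in
            *" $chain "*) ;;
            *) chains="$chains $chain" ;;
        esac
        printf '%s -d %s -j %s\n' "-A switch" "$prefix" "$chain" >> "$tmp"
    done < "$mapfile"
    if [ $status -ne 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    echo "*filter"
    echo ":switch - [0:0]"
    for c in $chains; do
        echo ":$c - [0:0]"
    done
    cat "$tmp"
    echo "COMMIT"
    rm -f "$tmp"
    return 0
}

# Stand-alone usage: sh gen_switch.sh mappings.txt | iptables-restore
if [ $# -gt 0 ]; then
    gen_switch_rules "$1"
fi
```

Loading the output with plain `iptables-restore` replaces the filter table, so in practice the per-net chains' own rules (and the rule that jumps from FORWARD or INPUT into `switch`) would be generated into the same file; the point of the example is the generator and its input validation, which is what a periodically re-run job needs most.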



