[Firehol-support] Syntax for many Interfaces
Sim
simvirus at gmail.com
Tue May 27 10:48:28 BST 2008
> I have a Linux box with many, many, many VLANs (interfaces).
>
> Can I reduce the syntax, as in this simple example?
>
> ############################
>
> ETH0 192.168.0.1 /24
> ETH1 172.16.10.1 /24
> ETH2 172.16.11.1 /24
>
> ############################
>
> interface eth0 all2fw
>
> policy drop
> protection strong
>
> server ICMP accept
> server "ssh" accept
>
> client all accept
>
> interface eth1 in2fw
>
> policy drop
> protection strong
>
> server ICMP accept
>
> client all accept
>
> interface eth2 other2fw
>
> policy drop
> protection strong
>
> server ICMP accept
>
> client all accept
>
>
> ############################
>
> router all2one outface eth1 dst "172.16.10.1/24"
> route "smtp pop3" accept
>
> router all2two outface eth2 dst "172.16.11.1/24"
> route "http" accept
>
> ############################
>
> router in2test outface eth0 dst "10.0.0.0/24"
> route "telnet" accept
>
> router in2out outface eth0 dst "192.168.0.0/24"
> route ICMP accept
>
> router in2all outface eth0 dst "${UNROUTABLE_IPS} 192.168.0.0/24"
> route "all" accept
>
>
> Another question is:
>
> - Can I create a special (router in2test outface eth0 dst
> "10.0.0.0/24") router for a network not in my class?
> Is it essential to define it before (router in2all outface eth0 dst
> "${UNROUTABLE_IPS} 192.168.0.0/24") ?
>
> Many thanks!
>
Hi!
Is it vulnerable to spoofing or other?
Thanks