[Firehol-support] Multiple IP Allows - Deny rest of subnet

James Bean james at hdcs.com.au
Fri Nov 28 23:41:50 GMT 2003

Just downloaded Firehol for the first time and can't find an example
with what I am trying to do, so I thought I would ask :-).
I am running 3 ethernet interfaces, eth0 - ADSL, eth1 - LAN, eth2 -
Cable, and I only want a few of my internet machines to have internet
access; the rest I want to be denied access. I need to keep them on
the same subnet, with a default of deny.
Would it be easier to do it by MAC address? I have all the MAC addresses
of the machines I want to give access to.
The list can grow up to 20 machines; is there an easier way to list them,
so that I can # out the ones I don't want access at certain times?
What I have come up with is as follows.
# Require release 5 of FireHOL configuration directives
version 5

# Transparent Proxy
transparent_squid 8080 "squid root" inface eth1

# Internal Network IP Address
# lan_ips (the LAN subnet) and accepted_ips (the hosts allowed out) must be
# defined here; their values are not in the post.

interface eth1 lan src "${lan_ips}"
	policy reject
	server dns accept
	server squid accept
	server ssh accept
	server http accept
	server ftp accept
	server smtp accept

interface "eth0 eth2" internet src not "${lan_ips} ${UNROUTABLE_IPS}"
	protection strong 10/sec 10
	server ssh accept
	server http accept
	server ident reject with tcp-reset
	client all accept

# The address list goes on the router as a src parameter; "route" takes a
# service name, not an address list, so only the listed LAN hosts match here.
router lan2internet inface eth1 outface eth0 src "${accepted_ips}"
	route all accept

router internet2lan inface eth0 outface eth1
	masquerade reverse
	client all accept
	server ident reject with tcp-reset

Any help would be very much appreciated.
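One way to keep a growing allow list in its own file, where a machine is cut off simply by commenting its line out, as an added example that is not part of the original post. The file name, the ip|mac mode switch, the function name and the constructed sample entries are assumptions; the result is meant to be fed to FireHOL's src router parameter as ${accepted_ips}.

```shell
#!/bin/sh
# Added example, not from the original post: build a FireHOL address list from a
# hosts file so that a machine can be cut off simply by commenting its line out.
# Usage: allowed_hosts_from_file FILE ip|mac
# Whole-line and trailing '#' comments are ignored. Every remaining entry must be an
# IPv4 address (optional /prefix) in "ip" mode or a MAC address in "mac" mode;
# anything else is reported on stderr and makes the function return 1, so a typo
# cannot silently widen or shrink the allow list when firehol loads the config.

allowed_hosts_from_file() {
    hosts_file="$1"
    case "$2" in
        mac) pattern='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ;;
        *)   pattern='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' ;;
    esac
    result=""
    status=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if printf '%s\n' "$entry" | grep -Eq "$pattern"; then
            result="${result}${result:+ }${entry}"
        else
            printf 'allowed_hosts_from_file: rejecting malformed entry "%s"\n' "$entry" >&2
            status=1
        fi
    done <<EOF
$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$hosts_file")
EOF
    printf '%s\n' "$result"
    return "$status"
}

# Constructed sample files (not real hosts): a clean allow list and one with a typo.
SAMPLE_HOSTS=$(mktemp)
cat >"$SAMPLE_HOSTS" <<'EOF'
# constructed sample allow list, one machine per line
192.168.1.10        # workstation that may reach the internet
#192.168.1.11       # disabled for now: just comment the line out
192.168.1.12
EOF
BAD_HOSTS=$(mktemp)
printf '192.168.1.10\n192.168.1.300.1\n' >"$BAD_HOSTS"

# In a FireHOL config (itself a bash script) this would read, assuming the path:
#   accepted_ips="$(allowed_hosts_from_file /etc/firehol/allowed_hosts ip)"
#   router lan2internet inface eth1 outface eth0 src "${accepted_ips}"
accepted_ips=$(allowed_hosts_from_file "$SAMPLE_HOSTS" ip)
echo "accepted_ips=${accepted_ips}"
```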

