[Firehol-support] New to forum -> Quick Q?s

Costa Tsaousis costa at tsaousis.gr
Sat Apr 24 12:11:06 CEST 2004


Euman,

Interface1 matches traffic from/to your LAN. Name it "lan"
Interface2 matches all other traffic (not from/to your LAN). Name it
"internet".

This way you can have separate rules depending on who is talking to you,
or to whom you are talking.

If this is the active firewall of your machine, I don't see anything about
http or ident. Is it possible that your router does something about them?

Finally, FireHOL does not care about the type of interfaces. It seems that
sit0 is not properly configured and therefore is ignored.

Costa


> Hello all,
>
> I have a problem in that first, my built-in Fedora stateful iptables were
> overwritten. Second, Sygate Firewall test proves that http and identd
> ports are closed not stealthed. Third, I run no server, I use this PC at
> home for experimentation of Linux. Could someone please give me a
> secure script that stealths the ports mentioned above? I only use irc
> on occasion, email, http, https and ftp.
>
> I assume this is what I should have done, I'm not sure...
> but, why two eth0's I mean, I only have one! plus sit0 that
> isn't supported by this utility.
>
> interface eth0 interface1 src "192.168.0.0/24" dst 192.168.0.144/32
> 	policy drop
> 	protection strong
> 	client dhcp accept
> 	server ICMP reject #accept
> 	client all reject #accept
>
> # Interface No 2.
> interface eth0 interface2 src not "${UNROUTABLE_IPS} 192.168.0.0/24" dst 192.168.0.144/32
> 	policy drop
> 	protection strong
> 	client dhcp accept
> 	server ICMP reject #accept
> 	client all reject #accept
>
> ### DEBUG: Processing interface 'sit0'
> # aha, no support that's bad
> # Ignoring interface 'sit0' because does not have an IP or route.
>
> Regards,
> Euman
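As an added example, not part of this thread and not FireHOL's own sample, here is a configuration written the way Costa describes: one physical eth0 is split into a "lan" interface that matches the 192.168.0.0/24 network and an "internet" interface that matches everything else, each with its own rules. It uses the addresses quoted in Euman's message; the `version 5` line, the multi-service quoting and the mail service names (smtp, pop3, imap) are assumptions about FireHOL 1.x syntax, and the allowed client services follow the usage Euman lists (irc, e-mail, http, https, ftp).

```firehol
# Added example (not from the thread). Assumes FireHOL 1.x syntax and the
# addresses quoted above: LAN 192.168.0.0/24, this host 192.168.0.144.
version 5

# "lan": traffic to/from the local network. FireHOL selects by address,
# not by device, so both interface blocks can sit on the same eth0.
interface eth0 lan src "192.168.0.0/24" dst 192.168.0.144/32
	policy drop            # unsolicited packets are silently dropped
	protection strong
	client dhcp accept     # obtain an address from the LAN router (as in the quoted config)
	server ping accept     # let LAN hosts ping this machine
	client all accept      # outbound traffic to the LAN is trusted

# "internet": everything that is not the LAN or an unroutable range.
interface eth0 internet src not "${UNROUTABLE_IPS} 192.168.0.0/24" dst 192.168.0.144/32
	policy drop            # no "server" lines, so http and ident fall to DROP, not REJECT
	protection strong
	client "http https ftp irc" accept    # services Euman says he uses
	client "smtp pop3 imap" accept        # e-mail (protocol names assumed)
	client dns accept
	client ping accept
```

The difference between "closed" and "stealthed" in a port scan is the difference between `reject` and `drop`: a rejected packet is answered with a TCP reset or ICMP error, a dropped one gets no answer at all. Since neither interface above has a `server http` or `server ident` line, those ports are handled by `policy drop`; if a scan still reports them as closed, the reply is coming from something in front of the host, which is the router Costa points at.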




