[Firehol-support] Aliased external interface
Costa Tsaousis
costa at tsaousis.gr
Fri Dec 3 20:12:13 GMT 2004
Hi Daniel,
To have the FireHOL rules in separate files, and process them as if there
was one big file, just use the BASH "source" function. For example:
---
version 5
dnat ...
snat ...
source /etc/firehol/firehol-external.conf
source /etc/firehol/firehol-internal.conf
source /etc/firehol/firehol-dmz.conf
---
In general, you can do whatever BASH allows, including loops, executing
other programs, making decisions with BASH conditional statements (if...
then... else... fi), etc. You can even connect to a database to get the
rules!
One important thing to know, however, is that FireHOL needs to process all
the helpers first and then the interface/router blocks. This means you
cannot have helpers and firewall rules in all files, except the first. All
the others will have to have only interface/router blocks. (Now that I
realize it, this is a stupid rule - added to my to-do list to remove this
restriction).
On the other hand, FireHOL is not able (yet) to build a firewall in
multiple runs. For example, you *cannot* do:
root at host # firehol /etc/firehol/firehol-external.conf
root at host # firehol /etc/firehol/firehol-internal.conf
root at host # firehol /etc/firehol/firehol-dmz.conf
to build the firewall in multiple runs of FireHOL. (This would be fun
however - added to my to-do list also).
--
Costa Tsaousis
> Is it possible to break up the configuration file into multiple files?
> My list of rules is getting extensive, particularly since I'm configuring
> multiple external IP's. I'd like to split the file into a ruleset for
> each IP/interface, with master file to pull them together.
>
> --
> Daniel
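One way to check a split configuration against the two constraints described in the message above before loading it, as an added example that is not part of the original post and is not FireHOL code. The function names and the `HELPERS` list, which holds only the two helpers named in the post, are assumptions.

```shell
#!/bin/sh
# Added example (not FireHOL code): lint a FireHOL config split with "source".
# Assumption: HELPERS lists only the helpers named in the post; extend it.
HELPERS='dnat|snat'

# helper_lines FILE: line numbers of lines that start with a helper command.
helper_lines() {
    grep -nE "^[[:space:]]*($HELPERS)([[:space:]]|\$)" "$1" | cut -d: -f1
}

# list_sourced FILE: literal paths passed to "source" or "." in FILE.
# Paths built from variables are not expanded and show up as unreadable.
list_sourced() {
    sed -nE 's/^[[:space:]]*(source|\.)[[:space:]]+([^[:space:]#;]+).*/\2/p' "$1"
}

# check_split MASTER: print one line per problem; return 1 if any were found.
check_split() {
    cs_out=$(
        # Rule 1: in the first file, helpers come before interface/router blocks.
        cs_first=$(grep -nE '^[[:space:]]*(interface|router)[[:space:]]' "$1" |
            head -n 1 | cut -d: -f1)
        for cs_n in $(helper_lines "$1"); do
            if [ -n "$cs_first" ] && [ "$cs_n" -gt "$cs_first" ]; then
                echo "$1:$cs_n: helper after first interface/router block"
            fi
        done
        # Rule 2: sourced files must be readable and hold no helpers at all.
        list_sourced "$1" | while IFS= read -r cs_frag; do
            if [ ! -r "$cs_frag" ]; then
                echo "$1: sourced file not readable: $cs_frag"
                continue
            fi
            for cs_n in $(helper_lines "$cs_frag"); do
                echo "$cs_frag:$cs_n: helper outside the first file"
            done
        done
    )
    if [ -z "$cs_out" ]; then
        return 0
    fi
    printf '%s\n' "$cs_out"
    return 1
}
```

Because the configuration is executed as BASH, a mistyped path in a `source` line drops that file's rules from the firewall; the readability check reports such a path before the configuration is loaded.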