Opening specific (custom) port [Was: Re: [Firehol-support] Re: whitelisting]

Spike Spiegel debianix at yahoo.it
Sun Jul 18 20:38:10 CEST 2004


It was a dark and stormy night on 2004/07/16 when I heard Daniel Pittman yelling:

[cut]
> >> interface lan eth0 src "192.168.100.1/24" dst "<my ip>"
> >> # only packets from the LAN addresses will be processed here.
> >> policy drop    # silently discard the packets
> >> server ssh accept src "192.168.100.10"  # only from the
> >> # "whitelisted" host.
> >> # everything else falls off the ruleset, so is 'drop'ed
> >> # note: no 'client' rules, so no connections *from* this machine.
> >>
> >> interface internet eth0 src not "192.168.100.1/24" dst "<my ip>"
> >> # only packets not from the LAN will be processed here.
> >> policy reject  # or drop, as you please.
> >> server "ssh http icmp" accept
> >>
> >> client "whatever protocols you need" accept
> >> client all accept # if you don't care about being more specific.

Sorry for bothering you some more... but I have another question (as
specified in the subject) and thought of using this thread since my
config is based on the schema above.

Actually I needed to open access to port 8080. After some reading about
"how to add services" I ended up adding this line:

    server custom http_proxy tcp/8080 default accept

right above the "client all accept" line.
This did the trick, but since I'm still in the process of learning I was
wondering if that's the best way to accomplish such a task.

Can you comment on this please?

tnx

Spike


-- 
Excess ain't rebellion.
You're drinking what they're selling.
Your self-destruction doesn't hurt them.
Your chaos won't convert them.
They're so happy to rebuild it.
You'll never really kill it.
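An added example, not from Spike's mail or from the FireHOL project: the quoted schema written out as a complete firehol.conf, with port 8080 declared once as a named service through FireHOL's `server_<name>_ports` / `client_<name>_ports` variables rather than an inline `server custom` rule, so the same service can be accepted in whichever interface actually needs it. It assumes FireHOL 1.x config format (`version 5`), FireHOL's `interface <device> <name>` argument order, and the LAN network written as `192.168.100.0/24`; the placeholder `<my ip>` and the whitelisted host `192.168.100.10` come from the thread.

```firehol
version 5   # config-format version for FireHOL 1.x (assumed for the 2004 release)

# Declare a reusable service named "http_proxy": the server listens on
# tcp/8080 and clients come from any ("default") source port. This is the
# same rule as "server custom http_proxy tcp/8080 default accept", but
# defined once and referenced by name below.
server_http_proxy_ports="tcp/8080"
client_http_proxy_ports="default"

# Address of this host; placeholder taken from the thread, replace it.
my_ip="<my ip>"

# LAN side: only packets from the LAN network addressed to this host.
interface eth0 lan src "192.168.100.0/24" dst "${my_ip}"
    policy drop                                 # silently discard the rest
    server ssh accept src "192.168.100.10"      # ssh from the whitelisted host only
    server http_proxy accept                    # 8080 reachable from the LAN
    # no 'client' rules: this host opens no connections towards the LAN

# Internet side: everything that is not from the LAN.
interface eth0 internet src not "192.168.100.0/24" dst "${my_ip}"
    policy reject                               # or drop, as you please
    server "ssh http icmp" accept
    # Add "server http_proxy accept" here only if 8080 must be reachable
    # from outside the LAN; each interface exposes exactly what it lists.
    client all accept                           # outbound connections from this host
```

Placing the `server http_proxy accept` line in the `lan` interface instead of above the internet-side `client all accept` keeps port 8080 closed to non-LAN sources; `firehol try` applies the file with an automatic rollback if the new rules lock you out.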