Opening specific (custom) port [Was: Re: [Firehol-support] Re: whitelisting]

Spike Spiegel debianix at
Sun Jul 18 19:38:10 BST 2004

It was a dark and stormy night on 2004/07/16 when I heard Daniel Pittman yelling:

> >> interface lan eth0 src "" dst "<my ip>"
> >> # only packets from the LAN addresses will be processed here.
> >> policy drop    # silently discard the packets
> >> server ssh accept src ""  # only from the
> >> # "whitelisted" host.
> >> # everything else falls off the ruleset, so is 'drop'ed
> >> # note: no 'client' rules, so no connections *from* this machine.
> >>
> >> interface internet eth0 src not "" dst "<my ip>"
> >> # only packets not from the LAN will be processed here.
> >> policy reject  # or drop, as you please.
> >> server "ssh http icmp" accept
> >>
> >> client "whatever protocols you need" accept
> >> client all accept # if you don't care about being more specific.

Sorry for bothering you some more... but I've got another question (as
specified in the subject) and thought of using this thread since my
config is based on the schema above.

Actually I needed to open access to port 8080. After some reading about
"how to add services" I ended up adding this line:

    server custom http_proxy tcp/8080 default accept

right above the "client all accept" line.
This did the trick, but since I'm still in the process of learning I was
wondering if that's the best way to accomplish such a task.

Can you comment on this please?



Excess ain't rebellion.
You're drinking what they're selling.
Your self-destruction doesn't hurt them.
Your chaos won't convert them.
They're so happy to rebuild it.
You'll never really kill it.
