[Firehol-support] Use client all (without irc and ftp modules)
Gabriel CORRE
gac at 4js.com
Mon Oct 17 13:19:10 BST 2005
Hello,
I'm trying to run firehol on a production server that needs a very secure firewall.
Very secure seems to mean very simple...
My config:

lan_ips="10.0.0.0/24"
lan_myip="10.0.0.1/32"
interface eth0 eth0lan src "${lan_ips}" dst "${lan_myip}"
    policy reject
    server ident reject with tcp-reset
    server ssh accept
    server http accept
    server ping accept
    client all accept

But I see that "client all" forces loading of the irc and ftp modules.
But this server is for production use, without ftp and irc!
Does an "all"-like service exist that accepts everything (but without loading any additional modules)?
For now, the only solution I have is to:
- edit firehol (lib)
- search for the "rules_all" definition
- comment out the end lines:
# local ser=
# for ser in ${ALL_SHOULD_ALSO_RUN}
# do
# "${type}" ${ser} "$@" || return 1
# done
Finally, I duplicated the rules_all definition (renamed to rules_allnoircftp) without the final line...
and use "client allnoircftp accept". That runs like I want.
Do you know another way to do this?
Best Regards,
--
Gabriel CORRE