[Firehol-support] Use client all (without irc and ftp modules)

Gabriel CORRE gac at 4js.com
Mon Oct 17 13:19:10 BST 2005


I'm trying to run firehol on production server that need very secured firewall.
Very secured seems like very simple...

My config:


interface eth0 eth0lan src "${lan_ips}" dst "${lan_myip}"
        policy                  reject

        server ident            reject with tcp-reset
        server ssh              accept
        server http             accept
        server ping             accept
        client all              accept

But I see the "client all" force loading of irc and ftp modules.
But this server is for a production way, without ftp and irc!

Is there exists a "all"-like to accept all (but without loading any addictionnal modules) ?

For now, I only take solution to:
- edit firehol (lib)
- search "rules_all" definition
- comment the end line:
#        local ser=
#        for ser in ${ALL_SHOULD_ALSO_RUN}
#        do
#                "${type}" ${ser} "$@" || return 1
#        done

Finaly i'm duplicated (and renamed to rules_allnoircftp) the rules_all definition without final line...
and use "client allnoircftp accept". That run like I want.

Do you know another way to do ?

Best Regards,
Gabriel CORRE

More information about the Firehol-support mailing list