[Firehol-support] Interface and Router sections

Sim simvirus at gmail.com
Wed Jun 14 16:22:36 CEST 2006


Hi!

Is it advisable to remove "dst address" and leave only "src"?

For example:
------------------------------------------------------------------------------
interface eth0 www2linux src not "${UNROUTABLE_IPS} xx.xx.xx.xx/xx"

       # The default policy is DROP. You can be more polite with REJECT.
       policy drop

       protection strong

       # Here are the services listening on eth0.
       server "ICMP ssh" accept

       # The following means that this machine can REQUEST anything via eth0.
       client all accept
------------------------------------------------------------------------------

And is it advisable to remove "inface" from the router section and leave only outface?
With many infaces I need to duplicate the rules on each one.

Example:

router x2y outface eth5 dst "xx.xx.xx.0/24"

       # > protection strong
       route "smtp pop3" accept

router x2yz outface eth4 dst "xx.xx.xx.0/24"

       # > protection strong
       route "http" accept

------------------------------------------------------------------------------

Thanks for the reply



