[Firehol-support] Interface and Router sections
Sim
simvirus at gmail.com
Wed Jun 14 15:22:36 BST 2006
Hi!
Is it advisable to remove "dst address" and leave only "src"?
For example:
------------------------------------------------------------------------------
interface eth0 www2linux src not "${UNROUTABLE_IPS} xx.xx.xx.xx/xx"
    # The default policy is DROP. You can be more polite with REJECT.
    policy drop
    protection strong
    # Here are the services listening on eth0.
    server "ICMP ssh" accept
    # The following means that this machine can REQUEST anything via eth0.
    client all accept
------------------------------------------------------------------------------
And is it advisable to remove "inface" from the router section and leave only outface?
With many infaces, I need to duplicate the rules for each one.
Example:
router x2y outface eth5 dst "xx.xx.xx.0/24"
    # > protection strong
    route "smtp pop3" accept
router x2yz outface eth4 dst "xx.xx.xx.0/24"
    # > protection strong
    route "http" accept
------------------------------------------------------------------------------
Thanks for your reply