[Firehol-support] Info

Sim simvirus at gmail.com
Tue Jun 13 13:54:15 BST 2006


Hi!

Is it advisable to remove "dst address" and leave only "src"?

For example:
------------------------------------------------------------------------------
interface eth0 www2linux src not "${UNROUTABLE_IPS} 82.10.15.0/28"

        # The default policy is DROP. You can be more polite with REJECT.
        policy drop

        protection strong

        # Here are the services listening on eth0.
        server "ICMP ssh" accept

        # The following means that this machine can REQUEST anything via eth0.
        client all accept
------------------------------------------------------------------------------

And is it advisable to remove "inface" from the router section and leave only outface?
With many infaces I need to duplicate the rules on each one.

Example:

router x2y outface eth5 src "82.10.15.64/28" dst "82.10.16.0/24"

        # > protection strong
        route "smtp pop3" accept

------------------------------------------------------------------------------

Thanks for the reply



