[Firehol-support] Info
Sim
simvirus at gmail.com
Tue Jun 13 13:54:15 BST 2006
Hi!
Is it advice to remove "dst address", and let only "src" ?
For example:
------------------------------------------------------------------------------
interface eth0 www2linux src not "${UNROUTABLE_IPS} 82.10.15.0/28"
# The default policy is DROP. You can be more polite with REJECT.
policy drop
protection strong
# Here are the services listening on eth0.
server "ICMP ssh" accept
# The following means that this machine can REQUEST anything via eth0.
client all accept
------------------------------------------------------------------------------
And is it advice to remove "inface" from router section and let only outface?
With many inface I need to duplicate the rules on each one.
Example:
router x2y outface eth5 src "82.10.15.64/28" dst "82.10.16.0/24"
# > protection strong
route "smtp pop3" accept
------------------------------------------------------------------------------
Thanks for reply
More information about the Firehol-support
mailing list