[Firehol-support] Interface and Router sections
Thomas Arendsen Hein
thomas at intevation.de
Thu Jun 15 18:10:43 BST 2006
* Sim <simvirus at gmail.com> [20060614 16:22]:
> Is it advisable to remove "dst address", and leave only "src"?
>
> For example:
> interface eth0 www2linux src not "${UNROUTABLE_IPS} xx.xx.xx.xx/xx"

For dynamic IPs this is the only way unless you reload firehol on each
IP change.

> And is it advisable to remove "inface" from the router section and leave only outface?
> With many inface I need to duplicate the rules on each one.
>
> Example:
>
> router x2y outface eth5 dst "xx.xx.xx.0/24"
>
> # > protection strong
> route "smtp pop3" accept
>
> router x2yz outface eth4 dst "xx.xx.xx.0/24"
>
> # > protection strong
> route "http" accept

In the interface section I use something like

    interface "eth1 eth2" foo

which probably works in a router, too.

Thomas
--
Email: thomas at intevation.de
http://intevation.de/~thomas/