[Firehol-support] Disable ip_conntrack table
Sim
simvirus at gmail.com
Fri Dec 14 14:55:05 GMT 2007
Hi!
I have this simple config with 2 ethernet interfaces.
There isn't NAT from eth0 to eth1 or from eth1 to eth0, or rules between
the two ethernet interfaces, but my ip_conntrack shows this:
# cat /proc/net/ip_conntrack | wc -l
18222
I'm afraid for the future! Can I disable the policy on the two ethernet
interfaces and use my Linux box as a router without limits, with security
only for the services running on it?
Thanks!
Sim
################################################################
interface eth0 wan
# The default policy is DROP. You can be more polite with REJECT.
policy drop
protection strong
# Here are the services listening on eth0.
server ping accept
server "http" accept src "x.x.x.x."
# The following means that this machine can REQUEST anything via eth0.
client all accept
interface eth1 lan
# The default policy is DROP. You can be more polite with REJECT.
policy drop
# > protection strong
# Here are the services listening on eth1.
server ping accept
server http accept
server "ssh" accept src "x.y.x.y"
# The following means that this machine can REQUEST anything via eth1.
client all accept
############################################################################################
router wan2lan inface eth0 outface eth1
route all accept
router lan2wan inface eth1 outface eth0
route all accept
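The two routers above use "route all accept", which FireHOL turns into stateful rules, so every flow forwarded between eth0 and eth1 gets its own entry in the connection-tracking table; the 18222 entries counted in the post are those forwarded flows. The practical risk on a router is the table reaching the kernel's maximum, after which new connections are dropped and logged as "table full". The following script is an added example, not code from the post or from the FireHOL project: it compares the current entry count with the kernel maximum and flags when usage crosses a threshold. It assumes the usual proc paths (/proc/net/ip_conntrack plus /proc/sys/net/ipv4/ip_conntrack_max or /proc/sys/net/ipv4/netfilter/ip_conntrack_max on older kernels, /proc/net/nf_conntrack plus /proc/sys/net/netfilter/nf_conntrack_max on newer ones); the three conntrack lines in the demo are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post or from FireHOL: report how
# full the kernel connection-tracking table is, so a stateful router can
# be watched before the table fills and new flows start being dropped.

# Number of tracked connections in a conntrack dump: one entry per line,
# as in /proc/net/ip_conntrack (older kernels) or /proc/net/nf_conntrack.
count_entries() {
    wc -l < "$1" | tr -d ' '
}

# Integer percentage of the table in use, given current count and maximum.
usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# "warn" once usage reaches the threshold (in percent), otherwise "ok".
usage_state() {
    if [ "$(usage_pct "$1" "$2")" -ge "$3" ]; then echo warn; else echo ok; fi
}

# Print the first path from the arguments that exists, nothing if none does.
first_existing() {
    for p in "$@"; do
        [ -e "$p" ] && { echo "$p"; return 0; }
    done
    echo ""
}

# Live report from the running kernel, trying new and old proc paths
# (assumed paths; adjust if your kernel exposes conntrack elsewhere).
report_live() {
    table=$(first_existing /proc/net/nf_conntrack /proc/net/ip_conntrack)
    max=$(first_existing /proc/sys/net/netfilter/nf_conntrack_max \
                         /proc/sys/net/ipv4/netfilter/ip_conntrack_max \
                         /proc/sys/net/ipv4/ip_conntrack_max)
    if [ -z "$table" ] || [ -z "$max" ]; then
        echo "connection tracking is not available on this kernel"
        return 1
    fi
    count=$(count_entries "$table")
    limit=$(cat "$max")
    echo "conntrack: $count of $limit entries" \
         "($(usage_pct "$count" "$limit")%) - $(usage_state "$count" "$limit" 80)"
}

# Demo on constructed data: three fake entries in the ip_conntrack line
# format (documentation addresses only), counted like the post's "wc -l".
demo() {
    tmp="${TMPDIR:-/tmp}/conntrack_demo.$$"
    cat > "$tmp" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=80 packets=5 bytes=400 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40000 packets=4 bytes=3000 [ASSURED] mark=0 use=1
udp      17 29 src=192.0.2.11 dst=198.51.100.53 sport=5353 dport=53 packets=1 bytes=60 [UNREPLIED] src=198.51.100.53 dst=192.0.2.11 sport=53 dport=5353 packets=0 bytes=0 mark=0 use=1
tcp      6 117 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=40001 dport=443 packets=10 bytes=900 src=198.51.100.5 dst=192.0.2.12 sport=443 dport=40001 packets=9 bytes=5000 [ASSURED] mark=0 use=1
EOF
    n=$(count_entries "$tmp")
    rm -f "$tmp"
    echo "$n"
}

# Constructed figures: the post's 18222 entries against a 65536-entry table.
echo "demo entries: $(demo)"
echo "18222 of 65536: $(usage_pct 18222 65536)% ($(usage_state 18222 65536 80))"
```

Run "report_live" on the router itself (from cron, for instance) to get the live line; a count that keeps climbing towards the maximum while traffic is steady points at flows that never complete, and the per-line dump in /proc shows which source and destination pairs they belong to.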