[Firehol-support] All or nothing?
Daniel L. Miller
dmiller at amfes.com
Wed Jun 27 02:07:22 BST 2007
I'm taking advantage of firehol to simplify things on an internal
machine that I previously did not consider needed security. Since
firehol by default blocks everything not opened, my current config opens
everything back up, plus the simple DNAT.
transparent_squid 8080 "root proxy" src 192.168.0.0/24 dst not 192.168.0.0/24 inface "eth2 br1"

interface any ALLNICS
    policy accept

router ALLROUTES
    policy accept
I've added a VPN interface to this machine, and I want to limit the
rights of that interface. My question is: can I do this by simply adding
interface/router stanzas, probably before the "any and all" stanzas?
Or do I now need to individually define every interface? I'm currently
thinking of something like:
transparent_squid 8080 "root proxy" src 192.168.0.0/24 dst not 192.168.0.0/24 inface "eth2 br1"

interface tun0
    client all accept

interface any ALLNICS
    policy accept

router vpn2lan inface tun0
    client all accept

router ALLROUTES
    policy accept
--
Daniel
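The following is an added illustration, not part of the original post and not the author's config, of the "specific stanza before the catch-all" layout the question describes, written out with an explicit drop policy and a limited service list on the VPN side. It assumes FireHOL's documented first-match ordering: a packet is handled by the first interface or router definition whose parameters match it, and that definition's policy (drop unless stated otherwise) applies to whatever its own rules did not match, so tun0 traffic never falls through to the later "any" definitions. The interface name "vpn", the VPN subnet 10.8.0.0/24, the ssh/http service choices and the outface on the router are assumptions for illustration.

```firehol
# Added example: limit the VPN interface while leaving every other NIC open.
# Assumes FireHOL first-match ordering and a default drop policy per definition.
# "vpn", 10.8.0.0/24, ssh/http and the outface list are illustrative choices.

version 5

transparent_squid 8080 "root proxy" src 192.168.0.0/24 dst not 192.168.0.0/24 inface "eth2 br1"

# Specific interface first: anything not listed here is dropped on tun0,
# because this definition is matched before the catch-all below.
interface tun0 vpn src 10.8.0.0/24
    policy drop                 # explicit, although drop is FireHOL's default
    protection strong
    server ssh accept           # VPN peers may reach sshd on this host only
    client all accept           # this host may initiate anything over the VPN

# Catch-all for every other NIC keeps the previous "open everything" behaviour.
interface any ALLNICS
    policy accept

# Specific router first: VPN peers may only reach http servers on the LAN.
# FireHOL router rules are relative to inface/outface: a "server" rule here
# allows requests entering via tun0 and leaving via eth2/br1.
router vpn2lan inface tun0 outface "eth2 br1" src 10.8.0.0/24
    policy drop
    server http accept

# Catch-all router keeps forwarding open between all other interface pairs.
router ALLROUTES
    policy accept
```

Because the vpn2lan router names both inface and outface, FireHOL builds rules for both packet directions of that interface pair, so LAN-initiated connections towards the VPN are also subject to its drop policy unless a matching "client" rule is added; with only "inface tun0", as in the posted sketch, LAN-to-tun0 forwarding would instead be handled by ALLROUTES and accepted. Running "firehol try" shows the generated iptables chains and reverts automatically if the change locks you out.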