[Firehol-support] Syntax for many Interfaces

Sim simvirus at gmail.com
Mon May 26 17:33:28 CEST 2008


Hi Costa, hi to all!
I have a Linux box with many, many, many VLANs (interfaces).

Can I reduce the syntax, as in this simple example?

############################

 ETH0 192.168.0.1 /24
 ETH1 172.16.10.1 /24
 ETH2 172.16.11.1 /24

############################

interface eth0 all2fw

	policy drop
	protection strong

	server ICMP accept
	server "ssh" accept

	client all accept

interface eth1 in2fw

	policy drop
	protection strong

	server ICMP accept

	client all accept

interface eth2 other2fw

	policy drop
	protection strong

	server ICMP accept

	client all accept


############################

router all2one outface eth1 dst "172.16.10.1/24"
	route "smtp pop3" accept

router all2two outface eth2 dst "172.16.11.1/24"
	route "http" accept

############################

router in2test outface eth0 dst "10.0.0.0/24"
	route "telnet" accept

router in2out outface eth0 dst "192.168.0.0/24"
	route ICMP accept

router in2all outface eth0 dst "${UNROUTABLE_IPS} 192.168.0.0/24"
	route "all" accept


Another question is:

- Can I create a special router (router in2test outface eth0 dst
"10.0.0.0/24") for a network not in my class?
 Is it essential to define it before (router in2all outface eth0 dst
"${UNROUTABLE_IPS} 192.168.0.0/24")?

Many thanks!

---
Sim



