[Firehol-support] True whitelist

Wesley J. Landaker wjl at icecavern.net
Tue Feb 2 18:58:27 GMT 2010


On Tuesday 02 February 2010 07:37:28 WJP wrote:
> Hello!
> 
> I have seen some discussion around this but no clear solution:
> 
> Is there a way to tell Firehol to do NO filtering (including "NEW TCP w/o
> SYN") to/from an IP/range?
> I am troubleshooting a specific connectivity issue and am seeing some of
> this in the logs:
> 
> NEW TCP w/o SYN:'IN=eth1 OUT= MAC=<mac> SRC=<src> DST=<dst> LEN=89
>  TOS=0x00 PREC=0x00 TTL=50 ID=33540 DF PROTO=TCP SPT=51672 DPT=443
>  WINDOW=33285 RES=0x00 ACK PSH URGP=0
> 
> I'd like to stop all filtering on all ports on all protocols between
>  <src> and <dst>. Is there a way to achieve this with Firehol?

I don't know exactly what command you need, but if it's doable with 
iptables, it should be doable with firehol's "iptables" command, which 
basically just passes on its arguments to the real iptables.
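
Added example, not part of the original message or of FireHOL: a small parser for log entries with the "NEW TCP w/o SYN" prefix quoted above, which counts them per flow and TCP flag set so it is clear which connections hit that check. The sample lines, host name and addresses are constructed placeholders, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample modelled on the entry quoted in the thread; the
# addresses, MAC and host name are placeholders, not values from the post.
SAMPLE_LOG = """\
Feb  2 07:30:01 gw kernel: NEW TCP w/o SYN:'IN=eth1 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=89 TOS=0x00 PREC=0x00 TTL=50 ID=33540 DF PROTO=TCP SPT=51672 DPT=443 WINDOW=33285 RES=0x00 ACK PSH URGP=0
Feb  2 07:30:04 gw kernel: NEW TCP w/o SYN:'IN=eth1 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=89 TOS=0x00 PREC=0x00 TTL=50 ID=33541 DF PROTO=TCP SPT=51672 DPT=443 WINDOW=33285 RES=0x00 ACK PSH URGP=0
Feb  2 07:31:10 gw kernel: NEW TCP w/o SYN:'IN=eth1 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=33600 DF PROTO=TCP SPT=51672 DPT=443 WINDOW=33285 RES=0x00 ACK FIN URGP=0
Feb  2 07:31:11 gw sshd[812]: unrelated line that must be skipped
"""

MARKER = "NEW TCP w/o SYN:"
# Flag names as the kernel LOG target prints them; "DF" is an IP flag, not TCP.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Return src, dst, ports and TCP flags of one marked entry, else None."""
    idx = line.find(MARKER)
    if idx < 0:
        return None
    fields, flags = {}, []
    for tok in line[idx + len(MARKER):].lstrip("'").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.append(tok)
    try:
        return {"src": fields["SRC"], "dst": fields["DST"],
                "spt": int(fields["SPT"]), "dpt": int(fields["DPT"]),
                "flags": tuple(sorted(flags))}
    except (KeyError, ValueError):
        return None                          # truncated or malformed entry


def summarize(text):
    """Count marked entries per (src, dst, dport, flags)."""
    hits = Counter()
    for rec in filter(None, map(parse_line, text.splitlines())):
        hits[(rec["src"], rec["dst"], rec["dpt"], ",".join(rec["flags"]))] += 1
    return hits


if __name__ == "__main__":
    for (src, dst, dpt, flags), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src} -> {dst}:{dpt}  flags={flags}")
```
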