[Firehol-support] Stateless rules
Guillaume Lacroix
gl at worldline.fr
Wed Nov 19 17:12:46 GMT 2014
Hi Costa,
Thanks a lot for the tip. Does it work as well with route? Something like:
router in_to_web inface myin outface myout dst 123.123.123.123
route anystateless myhttp accept dport 80 proto tcp
route anystateless myhttp accept dport 80 proto tcp
The reason is that I use different FWs on different routers for redundancy. Each router is connected to a different ISP within the same BGP session, so a request may arrive at any of the FWs and so the router should not keep track of the session (the other solution would have been to update the conntrack on the different FWs but I don’t want to do that).
Thanks,
Guillaume
On Wednesday, 19 November 2014 at 18:01, Tsaousis, Costa wrote:
> Hi Guillaume,
>
> Why do you want to do this? Are you facing any issues with the
> netfilter state machine?
>
> Anyway, if you really want to do it, use this:
>
> server anystateless myhttp accept dport 80
> server anystateless myhttps accept dport 443
>
> Costa
>
>
>
> On Wed, Nov 19, 2014 at 3:56 PM, Guillaume Lacroix <gl at worldline.fr> wrote:
> > Hello,
> >
> > I have gone through the FH configuration, but I couldn’t find a way to specify some rules statelessly (I can only set a destination stateless using the "anystateless" command).
> >
> > Is there a way, for example, to set a route stateless for HTTP/HTTPS only?
> >
> > Thanks and regards,
> > Guillaume
>
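
Added example (not part of the original thread, and not FireHOL or netfilter code): a simplified Python model of the situation described in the message, where one TCP handshake crosses two firewalls that do not share connection tracking. The client address, the path each packet takes and the Firewall class are assumptions made for illustration; netfilter's real TCP state machine is more involved.

```python
from dataclasses import dataclass, field

WEB = "123.123.123.123"           # destination address used in the post
CLIENT = ("198.51.100.7", 40000)  # constructed sample client (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK" or "ACK"

@dataclass
class Firewall:
    stateless: bool
    conntrack: set = field(default_factory=set)  # local to this firewall, never synced

    def forward(self, p: Packet) -> bool:
        to_web = p.dst == WEB and p.dport == 80
        from_web = p.src == WEB and p.sport == 80
        if self.stateless:
            # No state lookup: each direction is matched on address and port only.
            return to_web or from_web
        flow = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if to_web and p.flags == "SYN":
            self.conntrack.add(flow)    # a new connection creates a local entry
            return True
        return flow in self.conntrack   # everything else must already be known here

def handshake(fw_a: Firewall, fw_b: Firewall) -> list:
    """Assumed path: SYN and ACK enter via router A, the SYN-ACK leaves via router B."""
    path = [(fw_a, Packet(*CLIENT, WEB, 80, "SYN")),
            (fw_b, Packet(WEB, 80, *CLIENT, "SYN-ACK")),
            (fw_a, Packet(*CLIENT, WEB, 80, "ACK"))]
    return [fw.forward(p) for fw, p in path]

def unsolicited_ack(fw: Firewall) -> bool:
    """An ACK to port 80 with no preceding handshake on this firewall."""
    return fw.forward(Packet(*CLIENT, WEB, 80, "ACK"))

if __name__ == "__main__":
    print("stateful :", handshake(Firewall(False), Firewall(False)))
    print("stateless:", handshake(Firewall(True), Firewall(True)))
    print("unsolicited ACK, stateful :", unsolicited_ack(Firewall(False)))
    print("unsolicited ACK, stateless:", unsolicited_ack(Firewall(True)))
```

In this model the stateful pair drops the SYN-ACK on router B because only router A saw the SYN, while the stateless pair passes the whole handshake. The trade-off is that a stateless rule also passes packets that belong to no connection, so the web server's own TCP stack becomes the only connection-state check.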