[Firehol-support] Stateless rules

Guillaume Lacroix gl at worldline.fr
Wed Nov 19 17:12:46 GMT 2014


Hi Costa,

Thanks a lot for the tip. Does it work as well with route? Something like:

router in_to_web inface myin outface myout dst 123.123.123.123
route anystateless myhttp accept dport 80 proto tcp
route anystateless myhttp accept dport 80 proto tcp

The reason is that I use different FWs on different routers for redundancy. Each router is connected to a different ISP within the same BGP session, so a request may arrive at any of the FWs and so the router should not keep track of the session (the other solution would have been to update the conntrack on the different FWs but I don’t want to do that).

Thanks,
Guillaume



On Wednesday 19 November 2014 at 18:01, Tsaousis, Costa wrote:

> Hi Guillaume,
>  
> Why do you want to do this? Are you facing any issues with the
> netfilter state machine?
>  
> Anyway, if you really want to do it, use this:
>  
> server anystateless myhttp accept dport 80
> server anystateless myhttps accept dport 443
>  
> Costa
>  
>  
>  
> On Wed, Nov 19, 2014 at 3:56 PM, Guillaume Lacroix <gl at worldline.fr> wrote:
> > Hello,
> >  
> > I have gone through the FH configuration, but I couldn’t find a way to specify some rules statelessly (I can only set a destination stateless using the "anystateless" command).
> >  
> > Is there a way, for example, to set a route stateless for HTTP/HTTPS only?
> >  
> > Thanks and regards,
> > Guillaume
> >  
>  
>  
>  
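The asymmetric-path problem described in this thread, as an added example that is not part of the original messages and is not FireHOL or netfilter code: a simplified Python model in which each firewall keeps its own private connection table, compared with a filter that judges every packet on its ports alone. The class and function names are hypothetical and the client addresses are constructed; only the server address 123.123.123.123 and port 80 come from the thread.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "request" (client -> server) or "reply" (server -> client)

def flow_key(p):
    """Direction-independent key: (client, client port, server, server port)."""
    if p.direction == "request":
        return (p.src, p.sport, p.dst, p.dport)
    return (p.dst, p.dport, p.src, p.sport)

@dataclass
class StatefulFirewall:
    """Simplified model: requests to the service create state, replies need it."""
    service_port: int
    table: set = field(default_factory=set)  # this box's private connection table

    def accept(self, p):
        if p.direction == "request" and p.dport == self.service_port:
            self.table.add(flow_key(p))
            return True
        return p.direction == "reply" and flow_key(p) in self.table

@dataclass
class StatelessFirewall:
    """Simplified model: each packet is judged on its ports alone."""
    service_port: int

    def accept(self, p):
        if p.direction == "request":
            return p.dport == self.service_port
        return p.sport == self.service_port

def run(fw_a, fw_b):
    """Request enters through fw_a, the reply leaves through fw_b (asymmetric path)."""
    req = Packet("198.51.100.7", 40000, "123.123.123.123", 80, "request")  # constructed
    rep = Packet("123.123.123.123", 80, "198.51.100.7", 40000, "reply")
    return fw_a.accept(req), fw_b.accept(rep)

def unsolicited_reply_accepted(fw):
    """A reply-shaped packet for a flow this firewall never saw a request for."""
    return fw.accept(Packet("123.123.123.123", 80, "198.51.100.9", 41000, "reply"))
```

In this model two separate stateful firewalls pass the request but drop the reply, while the stateless pair passes both; the cost is that a stateless filter also passes a reply-shaped packet that matches no earlier request, so the stateless scope is best kept as narrow as the ports that need it.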
