[Firehol-support] Stateless rules

Tsaousis, Costa costa at tsaousis.gr
Wed Nov 19 18:17:10 GMT 2014


Yes, it works for both interfaces and routers.

Costa

On Wed, Nov 19, 2014 at 7:12 PM, Guillaume Lacroix <gl at worldline.fr> wrote:
> Hi Costa,
>
> Thanks a lot for the tip. Does it work as well with route? Something like:
>
> router in_to_web inface myin outface myout dst 123.123.123.123
> route anystateless myhttp accept dport 80 proto tcp
> route anystateless myhttp accept dport 80 proto tcp
>
> The reason is that I use different FWs on different routers for redundancy.
> Each router is connected to a different ISP within the same BGP session, so a
> request may arrive at any of the FWs and so the router should not keep
> track of the session (the other solution would have been to update the
> conntrack on the different FWs but I don’t want to do that).
>
> Thanks,
> Guillaume
>
> On Wednesday, November 19, 2014 at 18:01, Tsaousis, Costa wrote:
>
> Hi Guillaume,
>
> Why do you want to do this? Are you facing any issues with the
> netfilter state machine?
>
> Anyway, if you really want to do it, use this:
>
> server anystateless myhttp accept dport 80
> server anystateless myhttps accept dport 443
>
> Costa
>
>
>
> On Wed, Nov 19, 2014 at 3:56 PM, Guillaume Lacroix <gl at worldline.fr> wrote:
>
> Hello,
>
> I have gone through the FH configuration, but I couldn’t find a way to
> specify some rules statelessly (I can only set a destination stateless using
> the "anystateless" command).
>
> Is there a way, for example, to set a route stateless for HTTP/HTTPS
> only?
>
> Thanks and regards,
> Guillaume