[Firehol-support] Firewall on DMZ

Tony Peña emperor.cu at gmail.com
Thu Apr 30 14:39:18 BST 2015

I want to stop SYN flood traffic over HTTP from external IPs, but I have only
eth0 on Linux.

I have the Linux box on the DMZ with an IP and only eth0.
I have set up the SNAT from the public IP on the router to the Linux box on 80 and 443.

But when I set this on FireHOL:

version 5

trusted_ip="other ip trusted"

blacklist full "list black ip"

interface eth0 ethernet
  policy drop
  server "http https" accept src "$trusted_ip"
  client all accept

I can't access Apache from my trusted IP.

In /var/log/messages I can see "request failed" from the kernel for everyone,
including my trusted IP.

My question is: how can I set up FireHOL if my server is on the DMZ and has
only 1 Ethernet interface?

from internet --> router (SNAT any to --> eth0 linux
from lan ( --> routing to --> eth0 linux

When FireHOL is active nobody can access HTTP and HTTPS.

Any idea?

Thanks in advance

Antonio Peña
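A single-interface FireHOL configuration for the DMZ setup described in the post, added here as an example (not the poster's config): FireHOL config files are bash, so the commands must be lowercase, the variable must be spelled the same at its assignment and its use, and interface-level flood protection covers the SYN flood goal. The trusted addresses are placeholders from the RFC 5737 documentation ranges, and the 10/sec rate limit is an assumption to tune.

```bash
version 5

# Addresses allowed to reach the web server. Placeholder values, not the
# poster's real addresses.
trusted_ips="203.0.113.10 198.51.100.0/24"

# The host has one NIC, so LAN and Internet peers both arrive on eth0;
# "ethernet" is only FireHOL's label for this interface.
interface eth0 ethernet
    policy drop

    # Rate-limit SYN floods, ICMP floods, fragments and malformed packets.
    # "10/sec 10" is an assumed requests/period and burst; adjust for load.
    protection strong 10/sec 10

    # Only the trusted sources may reach Apache on 80/443. Bash variables are
    # case-sensitive: ${trusted_ips} here must match the assignment above.
    server "http https" accept src "${trusted_ips}"

    # Connections the host itself initiates (DNS, NTP, updates) are allowed.
    client all accept
```

Load it with `firehol try` rather than `firehol start`; FireHOL reverts to the previous ruleset unless you confirm within 30 seconds, so a mistake does not lock out the remote session. The `src` match only works if the router merely forwards ports 80/443 (DNAT) without rewriting the source: if it also SNATs, every connection arrives from the router's own address and no per-client filter on eth0 can tell them apart.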
