[Firehol-support] Simple stateless routing.
Teun
teun at as62167.net
Thu Dec 15 16:29:20 GMT 2016
Hi all,
I'm happily using firehol to set up firewalls on servers, but now I'd
like to start using it for a router (without masquerading).
Unfortunately, I cannot find an option which would allow me to limit
connection tracking to/from the host itself instead of forwarding.
The configuration I have so far is:
router4 r34 inface eth3 outface eth4
policy accept
Results in:
pkts bytes target prot opt in out source    destination
   0     0 ACCEPT icmp --  *   *   0.0.0.0/0 0.0.0.0/0   ctstate RELATED
   0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   ctstate RELATED tcp flags:0x3F/0x14
   0     0 ACCEPT all  --  *   *   0.0.0.0/0 0.0.0.0/0
I do not wish to bother this router with connection tracking, but am
unable to find any options in firehol which limit the tagging and these
ctstate rules.
Furthermore, it's unclear to me what the best practice is if I want to
limit forwarding to a specific subnet.
Can you please advise on this?
Regards,
Teun Kloosterman
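The stateless, subnet-restricted forwarder the post asks about, written directly as iptables rules in a POSIX sh script. This is an added example, not firehol's output and not a firehol option; it keeps the interfaces from the post (eth3, eth4), uses a constructed subnet 192.0.2.0/24 (the RFC 5737 documentation range), and uses the raw table's NOTRACK target so forwarded packets never enter conntrack. Because nothing is tracked, the return direction has to be accepted explicitly instead of relying on a RELATED,ESTABLISHED match, which is exactly the trade-off behind the ctstate rules shown above.

```shell
#!/bin/sh
# Added example (not firehol's own output): a minimal stateless forwarder
# between two interfaces, restricted to one subnet, built with plain iptables.
# Rules are emitted through $IPT so the set can be reviewed with IPT=echo
# before it is applied as root.
set -eu

IN_IF="${IN_IF:-eth3}"         # interfaces taken from the original post
OUT_IF="${OUT_IF:-eth4}"
LAN="${LAN:-192.0.2.0/24}"     # constructed example subnet (RFC 5737)
IPT="${IPT:-iptables}"

# Emit the rule list, one rule per line, so it can be diffed or audited.
stateless_rules() {
  # raw table: exempt forwarded traffic from connection tracking entirely
  echo "-t raw -A PREROUTING -i $IN_IF -j NOTRACK"
  echo "-t raw -A PREROUTING -i $OUT_IF -j NOTRACK"
  # filter table: forward only the chosen subnet, both directions, drop the rest.
  # Without conntrack there is no ESTABLISHED state, so replies from OUT_IF
  # back towards the subnet need their own explicit accept.
  echo "-A FORWARD -i $IN_IF -o $OUT_IF -s $LAN -j ACCEPT"
  echo "-A FORWARD -i $OUT_IF -o $IN_IF -d $LAN -j ACCEPT"
  echo "-A FORWARD -j DROP"
}

# Audit helper: number of rules that would depend on connection tracking.
# For a genuinely stateless router this must be zero.
count_ctstate_rules() {
  stateless_rules | grep -c -- '--ctstate' || true
}

# Hand each rule to iptables (or to whatever $IPT points at for a dry run).
apply_rules() {
  stateless_rules | while read -r rule; do
    # word splitting of $rule into iptables arguments is intended here
    $IPT $rule
  done
}

case "${1:-show}" in
  show)  stateless_rules ;;
  apply) apply_rules ;;
  *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Running the script with no argument prints the rule set; `IPT=echo sh stateless-router.sh apply` shows the exact iptables invocations, and `apply` as root installs them. Any rule set produced for this router can be checked the same way: if `iptables -t filter -L FORWARD -v -n` still shows a `ctstate` match, forwarded traffic is still being tracked.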