[Firehol-support] Simple stateless routing.

Teun teun at as62167.net
Thu Dec 15 16:29:20 GMT 2016

Hi all,

I'm happily using firehol to set up firewalls on servers, but now I'd 
like to start using it for a router (without masquerading).

Unfortunately, I cannot find an option which would allow me to limit 
connection tracking to/from the host itself instead of forwarding.

The configuration I have so far is:

router4 r34 inface eth3 outface eth4
     policy accept

Results in:
     pkts      bytes target     prot opt in     out source               
        0        0 ACCEPT     icmp --  *      *               ctstate RELATED
        0        0 ACCEPT     tcp  --  *      *               ctstate RELATED tcp flags:0x3F/0x14
        0        0 ACCEPT     all  --  *      *   

I do not wish to bother this router with connection tracking, but am 
unable to find any options in firehol which limit the tagging and these 
ctstate rules.
Furthermore, it's unclear to me what the best practice is if I want to 
limit forwarding to a specific subnet.

Can you please advise on this?

   Teun Kloosterman
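For readers landing here with the same two questions (restricting a router to a subnet, and keeping forwarded traffic out of conntrack), the following configuration is an added worked example; it is not from Teun's post and not taken from the firehol project's own documentation. It relies on firehol features that do exist (`version`, `interface`, `router4` with `src`/`dst` rule parameters, `policy`, and the `iptables` helper that hands raw arguments to iptables at activation time); the interface names eth3/eth4, the two example subnets and the SSH rule are assumptions for illustration.

```firehol
# Added example configuration, not from the original post.
# Assumed: eth3 faces 192.0.2.0/24, eth4 faces 198.51.100.0/24.
version 6

# Stateful filtering stays in place for traffic to/from the router itself:
# these interface definitions are the only place conntrack is still wanted.
interface eth3 inside
    policy drop
    server ssh accept src 192.0.2.0/24
    client all accept

interface eth4 outside
    policy drop
    client all accept

# Forwarding limited to one subnet pair. src/dst on the router line apply
# to every rule inside it; firehol swaps inface/outface and src/dst itself
# for the reply direction, so one router covers eth3->eth4 and eth4->eth3.
router4 r34 inface eth3 outface eth4 src 192.0.2.0/24 dst 198.51.100.0/24
    policy accept

# Bypass connection tracking for the forwarded path only. The raw table is
# consulted before conntrack, so packets marked here never create or match
# a conntrack entry (they carry ctstate UNTRACKED). They still pass through
# the router chain above and are accepted by its final unconditional rule;
# only the RELATED rules become dead for this traffic. Assumption: the
# iptables helper passes these arguments unchanged to iptables.
iptables -t raw -A PREROUTING -i eth3 -s 192.0.2.0/24 -d 198.51.100.0/24 -j CT --notrack
iptables -t raw -A PREROUTING -i eth4 -s 198.51.100.0/24 -d 192.0.2.0/24 -j CT --notrack
```

Caveat: this only works because the router's policy is `accept`. Any rule in that router that depends on state (a `server`/`client` pair, or a policy of `drop` relying on the RELATED/ESTABLISHED rules) would silently break for the untracked subnet pair, because those packets never match a conntrack state. Check with `iptables -t raw -L PREROUTING -v -n` after `firehol try` that the two CT rules were installed and are counting packets, and with `conntrack -L` (from conntrack-tools) that no entries appear for the forwarded subnets.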

