[Firehol-support] Simple stateless routing.
teun at as62167.net
Thu Dec 15 16:29:20 GMT 2016
I'm happily using firehol to set up firewalls on servers, but now I'd
like to start using it for a router (without masquerading).
Unfortunately, I cannot find an option which would allow me to limit
connection tracking to/from the host itself instead of forwarding.
The configuration I have so far is:

router4 r34 inface eth3 outface eth4

pkts bytes target prot opt in out source
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED tcp flags:0x3F/0x14
0 0 ACCEPT all -- * * 0.0.0.0/0

I do not wish to bother this router with connection tracking, but am
unable to find any options in firehol which limit the tagging and these
Furthermore, it's unclear to me what the best practice is if I want to
limit forwarding to a specific subnet.
Can you please advise on this?