[Firehol-support] redirect4 or redirect ?

Tony Peña emperor.cu at gmail.com
Thu Mar 10 00:01:18 CET 2016


Ok, thanks so much.
I'll try these fixes, and when it's working I'll plan the upgrade that way,
so I can know when it was correct, because it will be migrated from a
working config as is.
Thanks again

On Wed, 9 Mar 2016, 9:59 PM Tsaousis, Costa <costa at tsaousis.gr> wrote:

> Tony,
>
> I suggest upgrading. FireHOL is just a script itself, so it is very easy
> to use the latest version, and v3 is really a lot better. Check the docs
> for the upgrade process.
>
> For the problem you are facing, the whole idea is to select the LAN IPs
> that are going to the internet (not UNROUTABLE_IPS) and are not in the
> MAC_ALLOW list.
>
> Since IPv4 and IPv6 do not interfere in any way, you have to somehow
> define "LAN IPs" and "going to the internet" for both IPv4 and IPv6.
>
> So, you could define:
>
> IPv4_LAN="10.0.0.0/8 ..."
> IPv6_LAN="..."
>
> and then use something like this:
>
> ipv4 redirect to $x proto tcp dport $x src "${IPv4_LAN}" dst not
> "${IPv4_LAN}" mac not "${MAC_ALLOW}"
> ipv6 redirect to $x proto tcp dport $x src "${IPv6_LAN}" dst not
> "${IPv6_LAN}" mac not "${MAC_ALLOW}"
>
> Costa
>
>
> On Wed, Mar 9, 2016 at 8:55 PM, Tony Peña <emperor.cu at gmail.com> wrote:
>
>> Hi again...
>>
>> Trying to redirect traffic from hosts not allowed in my MAC list to one
>> internal web server. I got some errors; maybe it is the version of
>> FireHOL, I'm using 2.0.4
>>
>> when I wrote this:
>>
>> LAN="10.0.0.0/8 172.16.0.0/16 192.168.0.0/16"
>>
>> MAC_ALLOW="`cat /etc/firehol/mac_allow`"
>>
>> for x in 80 443
>> do
>>   redirect to $x src "${LAN}" proto tcp dport $x dst not
>> "${UNROUTABLE_IPS}" mac not "${MAC_ALLOW}"
>> done
>>
>> error:
>> ip6tables v1.4.21: host/network `10.0.0.0' not found
>>
>> if the line is changed to use redirect4 to $x ...........
>> the error says:
>>
>> /tmp/firehol-09PkgF4ghF/firehol-tmp.sh: line 8: redirect4: command not
>> found
>>
>> so the 1st one works for IPv4, but it is mixing, using IPv4 on the
>> ip6tables command where it does not exist.
>>
>> any idea?
>>
>> thanks
>>
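Putting Costa's suggestion together, as an added FireHOL v3 configuration fragment that is not from the thread: it assumes `version 6` (the v3 config format), that /etc/firehol/mac_allow holds one MAC address per line, that the IPv6 prefix fd00::/8 stands in for the real site prefix, and that the usual interface/router definitions follow it in firehol.conf.

```bash
# Added example, not from the thread: FireHOL v3 configuration fragment.
# Assumed: version 6 config format, /etc/firehol/mac_allow with one MAC per
# line, fd00::/8 as a placeholder for the real IPv6 site prefix.
version 6

# IPv4 and IPv6 never mix in one rule, so each family gets its own LAN list
# (the full RFC 1918 blocks for IPv4, the ULA block as a placeholder for IPv6).
IPv4_LAN="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
IPv6_LAN="fd00::/8"

# Fail early if the allow-list is missing: with an empty MAC_ALLOW there
# would be no exempt hosts at all, so every LAN client would be captured.
MAC_ALLOW_FILE="/etc/firehol/mac_allow"
if [ ! -r "${MAC_ALLOW_FILE}" ]; then
    echo "${MAC_ALLOW_FILE} missing or unreadable" >&2
    exit 1
fi
MAC_ALLOW="$(cat "${MAC_ALLOW_FILE}")"

# Select LAN clients (src in LAN) heading for the internet (dst not in LAN)
# whose MAC is not on the allow-list, and REDIRECT their web traffic to the
# same port on the firewall host, where the captive web server listens.
# The family prefix picks iptables or ip6tables, so no IPv4 address ever
# reaches ip6tables (the error in the original 2.0.4 config).
for port in 80 443; do
    ipv4 redirect to "${port}" proto tcp dport "${port}" \
        src "${IPv4_LAN}" dst not "${IPv4_LAN}" mac not "${MAC_ALLOW}"
    ipv6 redirect to "${port}" proto tcp dport "${port}" \
        src "${IPv6_LAN}" dst not "${IPv6_LAN}" mac not "${MAC_ALLOW}"
done

# ... interface and router definitions follow here as usual.
```

Load it with `firehol try` first, so a rule that fails to apply rolls back automatically instead of leaving the firewall half-configured.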