[Firehol-support] redirect4 or redirect ?

Tsaousis, Costa costa at tsaousis.gr
Wed Mar 9 20:59:15 GMT 2016


Tony,

I suggest upgrading. FireHOL is just a script itself, so it is very easy
to use the latest version, and v3 is really a lot better. Check the docs
for the upgrade process.

For the problem you are facing, the whole idea is to select the LAN IPs
that are going to the internet (not UNROUTABLE_IPS) and are not in the
MAC_ALLOW list.

Since IPv4 and IPv6 do not interfere in any way, you have to somehow define
"LAN IPs" and "going to the internet" for both IPv4 and IPv6.

So, you could define:

IPv4_LAN="10.0.0.0/8 ..."
IPv6_LAN="..."

and then use something like this:

ipv4 redirect to $x proto tcp dport $x src "${IPv4_LAN}" dst not "${IPv4_LAN}" mac not "${MAC_ALLOW}"
ipv6 redirect to $x proto tcp dport $x src "${IPv6_LAN}" dst not "${IPv6_LAN}" mac not "${MAC_ALLOW}"

Costa
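An added example (mine, not Costa's and not FireHOL project code) that builds the per-family redirect lines suggested above from a MAC allow file, validating the entries on the way so a typo or an empty file never reaches the firewall as a rule. It assumes one MAC per line with optional '#' comments, uses the full RFC 1918 block 172.16.0.0/12 (the original question has /16) and picks fc00::/7 (IPv6 ULA) as the IPv6 LAN; the file name, ports and the constructed allow list are placeholders, and the redirected web server is taken to run on the firewall host itself, which is what the redirect helper targets.

```shell
#!/bin/sh
# Added example: generate FireHOL redirect lines per address family from a
# MAC allow file. Not code from the thread or the FireHOL project.
# Assumptions (mine): one MAC per line, '#' comments and blank lines allowed;
# the web server the traffic is sent to runs on the firewall host; RFC 1918
# defines the IPv4 LAN and fc00::/7 (ULA) the IPv6 LAN. Ports and paths are
# placeholders.

IPV4_LAN="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
IPV6_LAN="fc00::/7"
REDIRECT_PORTS="80 443"

# Print the cleaned, lower-cased allow list as one space-separated string.
# Rejects anything that is not a 6-octet colon-separated MAC and refuses an
# empty list, so a bad file cannot silently become a rule that matches nothing.
load_mac_allow() {
    _file="$1"
    _out=""
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line="${_line%%#*}"                       # strip trailing comment
        _line="$(printf '%s' "$_line" | tr -d '[:space:]' | tr 'A-F' 'a-f')"
        [ -n "$_line" ] || continue                # blank or comment-only line
        case "$_line" in
            [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f])
                ;;
            *)
                printf 'load_mac_allow: bad MAC entry "%s"\n' "$_line" >&2
                return 1
                ;;
        esac
        _out="${_out:+$_out }$_line"
    done < "$_file"
    if [ -z "$_out" ]; then
        printf 'load_mac_allow: %s has no MAC entries, refusing to emit rules\n' "$_file" >&2
        return 1
    fi
    printf '%s\n' "$_out"
}

# Emit one redirect line per family and port. Each family only ever sees its
# own networks, which is the point of the split: 10.0.0.0/8 must never be
# handed to ip6tables.
emit_redirect_rules() {
    _macs="$1"
    for _p in $REDIRECT_PORTS; do
        printf 'ipv4 redirect to %s proto tcp dport %s src "%s" dst not "%s" mac not "%s"\n' \
            "$_p" "$_p" "$IPV4_LAN" "$IPV4_LAN" "$_macs"
        printf 'ipv6 redirect to %s proto tcp dport %s src "%s" dst not "%s" mac not "%s"\n' \
            "$_p" "$_p" "$IPV6_LAN" "$IPV6_LAN" "$_macs"
    done
}

# Stand-alone demo on a constructed allow file (a stand-in for
# /etc/firehol/mac_allow); prints the four rule lines.
demo() {
    _tmp="$(mktemp)" || return 1
    printf '# printers\n00:11:22:33:44:55\nAA:BB:CC:DD:EE:FF   # admin laptop\n\n' > "$_tmp"
    _macs="$(load_mac_allow "$_tmp")"
    _rc=$?
    rm -f "$_tmp"
    [ "$_rc" -eq 0 ] || return "$_rc"
    emit_redirect_rules "$_macs"
}

demo
```

Paste the printed lines into the FireHOL config (or source the generator from it). Keep in mind that a MAC address is trivially spoofed, so this keeps casual devices on the captive page but is not authentication.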


On Wed, Mar 9, 2016 at 8:55 PM, Tony Peña <emperor.cu at gmail.com> wrote:

> Hi again...
>
> Trying to redirect traffic for hosts not allowed in my MAC list to one internal
> web server. I got some errors; maybe it is the version of FireHOL, I'm using
> 2.0.4
>
> when I wrote this:
>
> LAN="10.0.0.0/8 172.16.0.0/16 192.168.0.0/16"
>
> MAC_ALLOW="`cat /etc/firehol/mac_allow`"
>
> for x in 80 443
> do
>   redirect to $x src "${LAN}" proto tcp dport $x dst not "${UNROUTABLE_IPS}" mac not "${MAC_ALLOW}"
> done
>
> error:
> ip6tables v1.4.21: host/network `10.0.0.0' not found
>
> if the line is changed to use redirect4 to $x ...........
> the error said:
>
> /tmp/firehol-09PkgF4ghF/firehol-tmp.sh: line 8: redirect4: command not
> found
>
> so the first one works for IPv4, but it is mixing IPv4 into the ip6tables command,
> where it does not exist.
>
> any idea?
>
> thanks
>
> --
> perl -le 's ffSfs.s fSf\x54\x6F\x6E\x79 \x50\x65\x6e\x61f.print'
>
> Secure email with PGP 0x8B021001 available at https://pgp.mit.edu
> <https://pgp.mit.edu/pks/lookup?search=0x8B021001&op=index&fingerprint=on&exact=on>
> Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
