[Firehol-support] How to allow traffic from an IP range?

Wojtek Swiatek w at swtk.info
Tue Jul 31 07:24:45 BST 2018


Le lun. 30 juil. 2018 à 22:20, Phil Whineray <phil at firehol.org> a écrit :

>
> > > Firehol will stop logging if you include a catchall "server any drop"
> as
> > > the last rule in your interface.
>
> To just match the range, add a "src" parameter. Anything not matched will
> go to the default rule.
>
>
Unfortunately it did not help. I added the line as suggested (not sure why
"server", in any case I tried "server" and "client"):

interface4 int0 internet
    client all accept
    server openvpn accept
    server any drop src 192.168.0.0/24

I still get lines such as
IN-internet:IN=int0 OUT= MAC=01:00:5e:7f:ff:fa:18:1e:78:82:e6:f5:08:00
SRC=192.168.0.11 DST=239.255.255.250 LEN=32 TOS=0x00 PREC=0x80 TTL=1 ID=0
DF PROTO=2



More information about the Firehol-support mailing list