[Firewall] Aliases and Configs
Arno van Amersfoort
arnova at rocky.eld.leidenuniv.nl
Mon Jul 14 09:08:13 MDT 2008
With firewall version 1.9.0 you can restrict rules to specific
virtual aliases by specifying their IP. So instead of using, i.e.,
OPEN_TCP="eth0:22", you should use OPEN_TCP="interface_IP:22"... It's as
simple as that....
About your custom-rules: in principle you must always try to use the
functionality in the script. Version 1.9 was mainly "founded" to
implement stuff which was previously (often) put in custom-rules....
And last but not least (I don't know if you did): always perform port
scans from an (other) outside machine, not from localhost...
warren at leetnet.com wrote:
> I have an external interface on a host with a /7 subnet. The first usable
> IP has several ports open providing various services. The others are either
> only available to myself for certain services or are open externally to
> Now I'm using custom-rules to insert before your rules my accepts and drops.
> This works, but it's a bit backwards as there's a handful of rules, and they
> must go in the INPUT chain before yours. Unfortunately I'm not familiar
> enough, and haven't researched enough, how to hop between chains. I did try
> adding one but it just gets bypassed it seems (0 references).
> Is the new user/global config option better suited for this? What would be
> best practice in this case? Also, eth0+ seems ineffective (I added the
> aliases, the + in eth0+, restarted it hoping the rules would be the same
> across the board to start - and a port scan shows things open/closed/etc).
> I'm not sure if this is desired behavior, or maybe I have a configuration
> Thanks in advance for any advice!
> Warren Crigger
> Firewall mailing list
> Firewall at lists.btito.net
> Arno's (Linux IPTABLES Firewall) Homepage:
Arno van Amersfoort
E-mail : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
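The two OPEN_TCP forms from Arno's reply side by side, plus a small lint that tells them apart: an "eth0:22" entry opens the port on every address bound to eth0 (all of Warren's aliases), while a "IP:22" entry limits it to one alias. This is an added example, not code from the list post or from Arno's firewall script; the OPEN_TCP variable name and the "X:port" entry form come from the thread, the 203.0.113.x addresses are constructed sample values, and the helper names are my own.

```shell
#!/bin/sh
# Added example (not part of the thread or of Arno's firewall itself).
# Compares an interface-wide OPEN_TCP string with an alias-specific one and
# flags entries that open a port on a whole interface instead of one alias.
# Addresses are constructed sample values (assumption: documentation range).

# Bare interface: ports 22 and 80 reachable on every alias of eth0
OPEN_TCP_WIDE="eth0:22 eth0:80"
# Alias-specific: each port only on the address that should serve it
OPEN_TCP_NARROW="203.0.113.10:22 203.0.113.11:80"

# is_ipv4 WORD -> exit 0 if WORD looks like a dotted-quad IPv4 address
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# classify_entry "X:port" -> prints "alias" when X is an IP address,
# "interface" when X is an interface name such as eth0 or eth0+
classify_entry() {
    target=${1%%:*}
    if is_ipv4 "$target"; then
        echo alias
    else
        echo interface
    fi
}

# count_interface_wide "entries" -> prints how many entries open a port on
# a whole interface (every alias) rather than on one alias address
count_interface_wide() {
    n=0
    for entry in $1; do
        if [ "$(classify_entry "$entry")" = interface ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# report "entries" -> one line per entry with its classification
report() {
    for entry in $1; do
        printf '%-20s %s\n' "$entry" "$(classify_entry "$entry")"
    done
}

# Stand-alone run: show both configurations and the lint result
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    echo "interface-wide config:"
    report "$OPEN_TCP_WIDE"
    echo "alias-specific config:"
    report "$OPEN_TCP_NARROW"
    echo "interface-wide entries in OPEN_TCP_WIDE: $(count_interface_wide "$OPEN_TCP_WIDE")"
fi
```

Running the lint over a real firewall.conf would mean pasting its OPEN_TCP value into count_interface_wide; a non-zero result means at least one rule still applies to every alias on the interface, which is the behaviour Warren saw with eth0+. As Arno notes, the rule set should still be confirmed with a port scan from an outside machine rather than from localhost.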