
Re: firewall script



Flood Randy Capt AFCA/GCF said:
> This looks kind of interesting.  Just glancing at it, it appears that you
> write a rules file, and it uses that.  Can you give us an example of a rules
> file?

OK, let's say you have a pretty standard firewall box with three
ethernet interfaces.  eth0 is connected to a router to the outside
world.  eth1 is connected to a DMZ segment where you have a mail
server that you want the world to be able to connect to.  eth2 is
connected to your office network, which you want NAT'd to the outside
world.  You want both the office & DMZ to be able to connect to the
world at will.  Your rules file would look like this:

    outside eth0 label=internet
    dmz eth1 label=dmz allow=smtp/tcp trusted
    internal eth2 label=office trusted nat

(Note that this also implies that the office network can connect to
the DMZ network at will.)

The documentation includes all of the options that are currently
recognized.  (I had missed the logging-related options, but I updated
the documentation and just now put the updated version on the server.)

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-7320             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/
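The three-line rules file above is compact enough that it is worth seeing what policy it actually implies. The following is an added example, not code from the firewall script under discussion: a small parser for the format as shown in the post, plus a policy derivation that answers "may zone X open a connection to zone Y for service S?". The semantics are my reading of the post and are assumptions, marked as such in the code: `outside` is the untrusted world, `allow=` lists the only services the outside may reach in a zone, `trusted` lets a zone initiate connections to every other zone, and `nat` marks a zone whose outbound traffic is masqueraded. The `#` comment syntax, the tcp default for a bare service name, and the check for exactly one `outside` line are likewise my additions.

```python
"""Parser and policy checker for the rules-file format shown in the post.

Assumed semantics (my reading of the post, not the script's own code):
  * line = <role> <interface> [label=<name>] [allow=<svc>/<proto>,...]
           [trusted] [nat]
  * role 'outside' is the untrusted world; other roles are inside zones.
  * the outside world may reach an inside zone only on its allow= services.
  * a 'trusted' zone may initiate connections to every other zone.
  * 'nat' marks a zone whose traffic to the outside is masqueraded.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple, Union

# Constructed input: the three-line rules file from the post.
RULES_TEXT = """
outside eth0 label=internet
dmz eth1 label=dmz allow=smtp/tcp trusted
internal eth2 label=office trusted nat
"""


@dataclass
class Zone:
    role: str
    iface: str
    label: str
    allow: List[str] = field(default_factory=list)  # "svc/proto" strings
    trusted: bool = False
    nat: bool = False


def parse_rules(text: str) -> List[Zone]:
    """Parse the rules file, rejecting unknown options instead of ignoring them."""
    zones = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need <role> <interface>")
        zone = Zone(role=fields[0], iface=fields[1], label=fields[1])
        for opt in fields[2:]:
            key, eq, val = opt.partition("=")
            if key == "label" and eq:
                zone.label = val
            elif key == "allow" and eq:
                for svc in val.split(","):
                    name, _, proto = svc.partition("/")
                    # assumption: a bare service name means tcp
                    zone.allow.append(f"{name}/{proto or 'tcp'}")
            elif opt == "trusted":
                zone.trusted = True
            elif opt == "nat":
                zone.nat = True
            else:
                raise ValueError(f"line {lineno}: unknown option {opt!r}")
        zones.append(zone)
    if sum(z.role == "outside" for z in zones) != 1:
        raise ValueError("exactly one 'outside' line is required")
    return zones


Policy = Dict[Tuple[str, str], Union[str, Set[str]]]


def derive_policy(zones: List[Zone]) -> Policy:
    """Map (src_label, dst_label) -> 'any' or the set of 'svc/proto' allowed."""
    outside = next(z for z in zones if z.role == "outside")
    policy: Policy = {}
    for z in zones:
        for other in zones:
            if other is z:
                continue
            if z is outside:
                policy[(z.label, other.label)] = set(other.allow)
            elif z.trusted:
                policy[(z.label, other.label)] = "any"
            else:
                policy[(z.label, other.label)] = set()
    return policy


def is_allowed(policy: Policy, src: str, dst: str, service: str) -> bool:
    """May zone `src` open a connection for `service` ('svc/proto') to zone `dst`?"""
    rule = policy.get((src, dst), set())
    return rule == "any" or service in rule


def nat_pairs(zones: List[Zone]) -> List[Tuple[str, str]]:
    """(inside interface, outside interface) pairs that need masquerading."""
    outside = next(z for z in zones if z.role == "outside")
    return [(z.iface, outside.iface) for z in zones if z.nat]


if __name__ == "__main__":
    zones = parse_rules(RULES_TEXT)
    policy = derive_policy(zones)
    for (src, dst), rule in sorted(policy.items()):
        shown = "any" if rule == "any" else (sorted(rule) or "none")
        print(f"{src:>9} -> {dst:<9} {shown}")
    print("masquerade:", nat_pairs(zones))
```

Running it prints the full zone-to-zone matrix, which makes the consequence Steve notes visible: `office -> dmz` is `any`. Under the same assumed semantics the reverse is also `any`, because the DMZ line carries `trusted` as well, so `is_allowed(policy, "dmz", "office", "smtp/tcp")` returns True. That is exactly the kind of implied reachability worth confirming against the real script's output before relying on a DMZ to contain a compromised mail server.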