From bbe5e169cc98b998e2b9e1656823245d3168e60e Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman
Date: Wed, 29 Jul 2009 11:40:11 +0200
Subject: [PATCH 1/1] vuurmuur: Add some extra explicit interfaces.

This prevents extra, useless, rules from being generated.
---
 etc/vuurmuur/rules/rules.conf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/etc/vuurmuur/rules/rules.conf b/etc/vuurmuur/rules/rules.conf
index 8fd8344..283b884 100644
--- a/etc/vuurmuur/rules/rules.conf
+++ b/etc/vuurmuur/rules/rules.conf
@@ -1,19 +1,19 @@
 RULE="Accept service ping from any to any options comment=\"ping\""
 RULE="Accept service any from firewall to world.inet options comment=\"Outgoing host traffic\""
 RULE="Accept service any from any to world.inet options comment=\"Outgoing vserver traffic (but from any due to vuurmuur limits)\""
-RULE="Snat service any from vservers.internal to world.inet options comment=\"snat for vservers\""
+RULE="Snat service any from vservers.internal to world.inet options out_int=\"inet-nic\",comment=\"snat for vservers\""
 RULE="separator"
 RULE="Accept service any from zeratul.direct to firewall options comment=\"direct traffic from zeratul\""
 RULE="Accept service any from firewall to zeratul.direct options comment=\"direct traffice to zeratul\""
 RULE="separator"
 RULE="Accept service ssh-host from any to firewall(any) options comment=\"ssh access to the host\""
-RULE="Dnat service http from world.inet to www.vservers.internal options comment=\"http to www\""
+RULE="Dnat service http from world.inet to www.vservers.internal options in_int=\"inet-nic\",comment=\"http to www\""
 RULE="Accept service http from world.inet to firewall options in_int=\"vserver-www-nic\""
 RULE="Dnat service smtp from world.inet to mail.vservers.internal options comment=\"smtp to mail\""
 RULE="Accept service smtp from world.inet to firewall options in_int=\"vserver-mail-nic\""
-RULE="Dnat service dns from world.inet to dns.vservers.internal options comment=\"dns to dns\""
-RULE="Accept service dns from world.inet to firewall options in_int=\"vserver-dns-nic\""
-RULE="Dnat service imaps from world.inet to mail.vservers.internal options comment=\"imaps to mail\""
+RULE="Dnat service dns from world.inet to dns.vservers.internal options in_int=\"inet-nic\",remoteport=\"54\",comment=\"dns to dns (running on port 54)\""
+RULE="Accept service dns-internal from world.inet to firewall options in_int=\"vserver-dns-nic\""
+RULE="Dnat service imaps from world.inet to mail.vservers.internal options in_int=\"inet-nic\",comment=\"imaps to mail\""
 RULE="Accept service imaps from world.inet to firewall options in_int=\"vserver-mail-nic\""
-RULE="Dnat service ssh from world.inet to login.vservers.internal options comment=\"ssh to login\""
+RULE="Dnat service ssh from world.inet to login.vservers.internal options in_int=\"inet-nic\",comment=\"ssh to login\""
 RULE="Accept service ssh from world.inet to firewall options in_int=\"vserver-login-nic\""
-- 
2.30.2
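Review bot: The smtp Dnat rule (a context line in the middle of this hunk) is now the only forward from world.inet without an explicit ingress interface, while the http, dns, imaps and ssh Dnat rules all gain `in_int=\"inet-nic\"`; if the intent is to stop vuurmuur from emitting the redundant per-interface variants, it should get the same change: `RULE="Dnat service smtp from world.inet to mail.vservers.internal options in_int=\"inet-nic\",comment=\"smtp to mail\""`. The dns pair also changes two things at once: the Dnat adds `remoteport=\"54\"` and the matching Accept rule switches its service from `dns` to `dns-internal`, whose definition is not in this patch, so presumably it lives in the services configuration with port 54 — worth confirming, since a mismatch between the rewritten destination port and the accepted service would drop the forwarded packets at the firewall. Pinning `in_int`/`out_int` on the NAT rules also restricts rewriting to traffic that actually arrives on or leaves via the internet-facing interface, which is a tighter match than the previous any-interface form and should be kept consistent across all NAT rules in this file.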