Hi Graham,
You have several options...
1) The web interface allows you to specify which LAN interfaces can talk to
each other
2) There is an ALLOWLANS AstLinux variable...
## Allow LAN to LAN traffic for internal interfaces, defaults to disallow
## Space separate "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
## Separate groups using a ~ (tilde)
#ALLOWLANS="INTIF INT2IF"
#ALLOWLANS="INTIF INT2IF~INTIF INT3IF" # (INTIF <=> INT2IF talk and INTIF <=> INT3IF talk, but *not* INT2IF <=> INT3IF)
#ALLOWLANS="INTIF INT2IF INT3IF"
3) Use the IF_TRUSTS variable directly (which both above use)
Lonnie
PS: The INT_IF_TRUST variable went away in the AIF firewall some time ago,
replaced by the more powerful IF_TRUSTS.
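
Added example, not part of the original message and not AstLinux's own code: a shell sketch of how an ALLOWLANS value with ~ groups could map onto an IF_TRUSTS value with | groups, refusing any group that would name the external interface. The interface names (eth0 to eth3), the EXTIF variable, the function names and the space-separated member syntax inside an IF_TRUSTS group are assumptions.

```shell
#!/bin/sh
# Constructed sample values; substitute the interfaces of the actual box.
EXTIF="eth0"; INTIF="eth1"; INT2IF="eth2"; INT3IF="eth3"

# Map an ALLOWLANS token to the interface it stands for (hypothetical helper).
resolve_if() {
  case "$1" in
    INTIF)  echo "$INTIF" ;;
    INT2IF) echo "$INT2IF" ;;
    INT3IF) echo "$INT3IF" ;;
    *)      return 1 ;;
  esac
}

# "INTIF INT2IF~INTIF INT3IF" -> "eth1 eth2|eth1 eth3"
# Runs in a subshell, so the IFS and globbing changes stay local.
allowlans_to_if_trusts() (
  set -f                        # no glob expansion while word-splitting
  IFS='~'; set -- $1            # one positional parameter per group
  IFS=' '
  out=""
  for group in "$@"; do
    members=""
    for tok in $group; do
      ifname=$(resolve_if "$tok") || { echo "unknown token: $tok" >&2; exit 1; }
      [ -n "$ifname" ] || { echo "$tok is not configured" >&2; exit 1; }
      # A trust group must never contain the internet-facing interface.
      [ "$ifname" != "$EXTIF" ] || { echo "refusing external $ifname" >&2; exit 1; }
      members="${members:+$members }$ifname"
    done
    if [ -n "$members" ]; then out="${out:+$out|}$members"; fi
  done
  echo "$out"
)

# Succeeds only if interfaces $2 and $3 share at least one trust group in $1.
can_forward() (
  trusts=$1; a=$2; b=$3
  set -f; IFS='|'; set -- $trusts
  for group in "$@"; do
    case " $group " in *" $a "*) ;; *) continue ;; esac
    case " $group " in *" $b "*) exit 0 ;; esac
  done
  exit 1
)

echo "IF_TRUSTS=\"$(allowlans_to_if_trusts 'INTIF INT2IF~INTIF INT3IF')\""
```
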
On Oct 6, 2010, at 5:04 PM, Graham S. Jarvis wrote:
> Hello,
>
> I'd like to return to this post with a question for 0.7.3 :
>
> I don't find INT_IF_TRUST in firewall.conf
> but I do find the following:
>
> # (EXPERT SETTING!) (Other) trusted network interfaces for which ALL IP
> # traffic should be ACCEPTED. (multiple(!) interfaces should be space
> # separated). Be warned that anything TO and FROM these interfaces is allowed
> # (ACCEPTED) so make sure it's NOT routable(accessible) from the outside world
> # (internet)! And of course putting one of your external interfaces here would
> # be extremely stupid.
> # -----------------------------------------------------------------------------
> TRUSTED_IF=""
>
> # (EXPERT SETTING!) Put here the interfaces that should trust
> # each other (accept forward traffic). You can use | (piping-sign) to create
> # seperate interface groups. And (again) of course putting one of your external
> # interfaces here would be extremely stupid.
> # -----------------------------------------------------------------------------
> IF_TRUSTS=""
>
> Which one should I use in user.conf ???
>
> Could someone explain what the difference is between these two variables
> please.
>
> Thanks,
>
> -Graham-
>
>
> Lonnie Abelbeck wrote on 27/03/2009 15:46:
>> Chris,
>>
>> The Firewall tab in the web interface uses an additional level of
>> abstraction for the firewall rules and then automatically generates
>> either Arno 1.8.8 (AstLinux 0.6.x) or Arno 1.9.0 (AstLinux 0.7 and
>> trunk) arno firewall variables.
>>
>> The Firewall tab assumes a default, unedited firewall.conf. The
>> /mnt/kd/rc.conf.d/gui.firewall.conf contains the variables that override
>> the defaults of the stock firewall.conf file. Any firewall setting
>> not covered with the Firewall tab can be added via the Network tab's
>> Advanced - User System Variables button (user.conf).
>>
>> Basically, the firewall.conf file is used to set defaults and
>> documentation for the arno firewall, much like the /stat/etc/rc.conf
>> does for the AstLinux system.
>>
>> I see Darrick has responded... well done.
>>
>> Lonnie
>>
>>
>> On Mar 27, 2009, at 9:12 AM, Chris Abnett wrote:
>>
>>> What is the web interface reading?? I fixed my issue by editing the
>>> /mnt/kd/arno-iptables-firewall/firewall.conf file.
>>>
>>> When I go to the web interface and go to the firewall configuration it says
>>> there are no rules defined.... please don't tell me I need to start over -
>>> I've got a lot of rules.. the immediate issue is fixed.. but what is the
>>> *Right* way to admin my machine so that in future I don't wipe things when I
>>> re-compile and upgrade?..
>>>
>>> I have been used to using both the Gui and editing the Config files for
>>> Asterisk itself using the asterisk-gui and have seen no ill effects....
>>>
>>> But does the alt-web interface first read the configs and then populate the
>>> web gui or is there a separate database where the gui stores its info and
>>> then writes out the configs..
>>> -Christopher
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Astlinux-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> [email protected].
>>
>