Re: [Vuurmuur-users] Re: FEATURE : how-to get differents rules firewall interfaces ?!

Tue, 09 May 2006 02:29:39 -0700 

Hi Victor,

[Victor Julien] wrotes the following on [26/04/2006 13:40]:

Hi Alex,

<snip>
I read some code, and I think it could be possible to add the feature. The solution would be to consider not only keywords "firewall" "firewall(any)" in rules, but also "firewall(if-name)" where "if-name" should be the name of interface when created. This this solutions, we can easily put different rules on different interfaces.
Maybe I can find enough time to help you coding this, or maybe you think it's possible to do this very simply ?! In another hand, I'm ready to test any modifications in this may.
Did you use the in_int option? I agree firewall(if-name) would look nice, however because i also wanted to support this selection in forwarding rules (where the firewall is not specifically mentioned) i have chosen to add it to the rule options.
Yes, I understand. With such way, rules (input, output, forward) are more flexible... you are right ! 



So the equivalent of the next rule:
accept service http from world.inet to firewall(adsl) # <- doesn't work

would be:
accept service http from world.inet to firewall options in_int="adsl"
You can select the in_int in vuurmuur_conf by pressing F5 for advanced options in the edit_rule screen. The in_int option is then called 'Listen interface'. 

I hope this answers your question!


  YES THAT'S IT !
With some tests using this options and looking at generated rules (with iptables -L), we really understand how to use this option and we try to simulate all our specials servers cases. It's seems to all rights... So now, we are ready to deploy vuurmuur on all our servers. 

  Once again : thank you Victor and all the developers !

  Bye,
  Alex.




Regards,
Victor


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier 
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Vuurmuur-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users





--
Alexandre SIMON
Cellule Réseau StanNet/Lothaire

C.I.R.I.L.            | Perm. réseau : +33 (0)3.83.68.24.24
Château du Montet     | Tél.  direct : +33 (0)3.83.68.24.32
Rue du Doyen Roubault | Fax          : +33 (0)3.83.68.24.01
F - 54500 VANDOEUVRE  | Email        : [EMAIL PROTECTED]



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
_______________________________________________
Vuurmuur-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users

Reply via email to