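# cat /etc/firehol/firehol.conf
#
# FireHOL configuration for a two-interface gateway: lan0 faces the
# 192.168.1.0/24 LAN, inet0 faces the upstream network. The firewall host
# offers a small set of services on each side, masquerades LAN traffic going
# out, and forwards port 49020 (tcp and udp) to the internal host 192.168.1.20.
version 6

inet_face=inet0
lan_face=lan0
lan_ips="192.168.1.0/24"

# Services the firewall host itself accepts from the LAN and from upstream.
lan_services="ssh dns dhcp icmp http https"
inet_services="http https"

# Port forward: anything arriving on the upstream interface for port 49020 is
# rewritten to the internal host. The matching forward permission is in the
# inet2lan router at the bottom of this file; both are needed.
dnat to 192.168.1.20 inface "${inet_face}" proto tcp dport 49020
dnat to 192.168.1.20 inface "${inet_face}" proto udp dport 49020

#interface ${lan_face} lan
#    policy accept

# No src restriction here, so DHCP requests from clients that do not have a
# LAN address yet still match. "policy return" hands everything else on to the
# next interface definition instead of deciding it here.
interface "${lan_face}" nolan
    policy return
    server dhcp accept

# LAN side: only sources inside lan_ips, only the listed services, everything
# else is rejected.
interface "${lan_face}" lan src "${lan_ips}"
    policy reject
    server "${lan_services}" accept
    client all accept

# Upstream side: refuse packets that claim a LAN or unroutable source address.
# The original line referenced ${home_ips}, which is never assigned in this
# file and therefore expanded to an empty string; lan_ips is the variable that
# is actually defined.
# NOTE(review): http/https on the firewall host are reachable from upstream
# through inet_services - confirm that is intended.
interface "${inet_face}" inet src not "${lan_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    server "${inet_services}" accept
    client all accept

# LAN -> upstream: source-NAT on the way out, all services allowed.
router4 lan2inet inface "${lan_face}" outface "${inet_face}"
    masquerade
    route all accept

# Upstream -> LAN: ident is answered with a TCP reset, and the only traffic
# accepted is the forwarded port 49020.
# NOTE(review): this rule accepts 49020 towards any LAN address, not just the
# dnat target; consider limiting it to 192.168.1.20 (check the FireHOL manual
# for the dst rule parameter on routers).
router4 inet2lan inface "${inet_face}" outface "${lan_face}"
    route ident reject with tcp-reset
    route custom forward "tcp/49020 udp/49020" default accept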