[TriLUG] iptables with more than 2 nics

Magnus Hedemark chrish at trilug.org
Mon May 3 10:46:14 EDT 2004


On Mon, 3 May 2004, Lee wrote:

> Would PF on OpenBSD be an option? I'm not that familiar with iptables, 
> but I know what you want to do is fairly easy to do with PF.

Oh absolutely.

Set up environment variables for all your interfaces to make it more 
readable.  Like:

int_if=dc0
ext_if=dc1
dmz_if=dc2

Then you can make rules like:

pass in quick on $ext_if proto tcp from any to $ext_if \
  port ssh flags S/SA modulate state

(ass-uming you wanted to open sshd on your firewall to the outside world, 
that would do the job)

Also note that the rule doesn't need to be quite as long as what I put 
there but is a little more secure than the simpler form.
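The macro convention and the ssh rule above, carried through to a complete ruleset for the three-interface box the thread is about. This is an added example, not Magnus's configuration: the interface names come from his message, the `pf.conf` syntax is the OpenBSD 3.x form current when this was posted, and the address ranges and the DMZ host are constructed placeholders.

```pf
# Added example, not from the original post. Three-NIC OpenBSD firewall:
# LAN on $int_if, Internet on $ext_if, public servers on $dmz_if.
# Interface names are taken from the message; networks are constructed.
int_if="dc0"
ext_if="dc1"
dmz_if="dc2"
int_net="192.168.1.0/24"   # constructed: LAN behind $int_if
dmz_net="192.168.2.0/24"   # constructed: servers behind $dmz_if
dmz_www="192.168.2.10"     # constructed: the one DMZ host exposed to the world

# Reassemble fragments and drop packets with bogus options before filtering.
scrub in all

# Translation: LAN and DMZ hide behind the external address; inbound web
# traffic to the external address is redirected to the DMZ web server.
# Parentheses make PF re-read the address if $ext_if gets it via DHCP/PPP.
nat on $ext_if from { $int_net, $dmz_net } to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port { www, https } -> $dmz_www

# Default deny in both directions; log what is dropped so it can be reviewed.
block in log all
block out log all

# Drop packets arriving on one interface that carry a source address
# belonging to a network attached to a different interface (or to loopback).
antispoof quick for { lo0, $int_if, $dmz_if }

# Loopback is trusted.
pass quick on lo0 all

# Admin ssh to the firewall itself, as in the message. flags S/SA means only
# a fresh SYN (SYN set, ACK clear) can create the state; later packets ride
# the state entry. modulate state rewrites initial sequence numbers so a
# weak ISN generator on either end is less of a hijack risk. Narrowing
# "from any" to your admin network cuts the exposure further.
pass in quick on $ext_if proto tcp from any to $ext_if \
  port ssh flags S/SA modulate state

# Outside world -> DMZ web server only, and only on the redirected ports
# (filter rules see the post-rdr destination address).
pass in quick on $ext_if proto tcp from any to $dmz_www \
  port { www, https } flags S/SA modulate state
pass out quick on $dmz_if proto tcp from any to $dmz_www \
  port { www, https } keep state

# LAN may initiate anything outbound, including to the DMZ; replies return
# on the state entry.
pass in quick on $int_if from $int_net to any keep state
pass out quick on $dmz_if from $int_net to $dmz_net keep state

# DMZ hosts may fetch DNS and web content from the Internet, but may never
# initiate connections into the LAN (a compromised DMZ box stays in the DMZ).
pass in quick on $dmz_if proto tcp from $dmz_net to ! $int_net \
  port { domain, www, https } flags S/SA keep state
pass in quick on $dmz_if proto udp from $dmz_net to ! $int_net \
  port domain keep state

# Anything leaving on the outside interface that made it this far (the
# firewall's own traffic, or translated LAN/DMZ traffic) is allowed and tracked.
pass out quick on $ext_if all keep state
```

Parse the file without loading it first (`pfctl -nf /etc/pf.conf`), then load it with `pfctl -f /etc/pf.conf`. The `block ... log` lines feed `pflog0`, so a `tcpdump -n -e -ttt -i pflog0` shows exactly which packets the default deny is eating while you tune the rules.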
