Provided by: firehol-doc_3.1.7+ds-2_all


       firehol-interface - interface definition


       { interface | interface46 } real-interface name rule-params

       interface4 real-interface name rule-params

       interface6 real-interface name rule-params


       An  interface  definition creates a firewall for protecting the host on which the firewall
       is running.

       The default policy is DROP, so that if no subcommands are given, the  firewall  will  just
       drop all incoming and outgoing traffic using this interface.

       The  behaviour  of  the  defined  interface is controlled by adding subcommands from those


              Forwarded traffic is  never  matched  by  the  interface  rules,  even  if  it  was
              originally  destined for the firewall but was redirected using NAT.  Any traffic to
              be passed through the firewall for  whatever  reason  must  be  in  a  router  (see


              Writing  interface4 is equivalent to writing ipv4 interface and ensures the defined
              interface is created only in the IPv4 firewall along with any rules within it.

              Writing interface6 is equivalent to writing ipv6 interface and ensures the  defined
              interface is created only in the IPv6 firewall along with any rules within it.

              Writing interface46 is equivalent to writing both interface and ensures the defined
              interface is created in both the IPv4 and IPv6 firewalls.  Any rules within it will
              also be applied to both, unless they specify otherwise.


              This  is  the  interface  name  as  shown  by  ip  link  show.   Generally anything
              iptables(8) accepts is valid.

              The + (plus sign) after some text will match all interfaces that  start  with  this

              Multiple interfaces may be specified by enclosing them within quotes, delimited by
              spaces, for example:

                     interface "eth0 eth1 ppp0" myname

       name   This is a name for this interface.  You  should  use  short  names  (10  characters
              maximum) without spaces or other symbols.

              A name should be unique for all FireHOL interface and router definitions.

              The  set of rule parameters to further restrict the traffic that is matched to this

              See firehol-params(5) for information on the parameters that  can  be  used.   Some

                     interface eth0 intranet src

                     interface eth0 internet src not "${UNROUTABLE_IPS}"

              See firehol.conf(5) for an explanation of ${UNROUTABLE_IPS}.
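
The rules given above for name (10 characters maximum, no spaces or other symbols, unique across all interface and router definitions) can be checked before a configuration is loaded. This is an added example, not part of the FireHOL documentation or code: the function names, the sample configuration, the letters-and-digits reading of "without spaces or other symbols" and the `router name ...` line format (from firehol-router(5)) are assumptions.

```sh
#!/bin/sh
# Added example: lint interface/router names in a FireHOL config.
# Assumed reading of the page: names are letters and digits only, at most
# 10 characters, and unique across interface and router definitions.
check_firehol_names() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/^(ipv4|ipv6|both)[ \t]+/, "", line)   # "ipv4 interface" form
        if (line !~ /^(interface|router)(4|6|46)?[ \t]/) next
        is_if = (line ~ /^interface/)
        sub(/^[a-z0-9]+[ \t]+/, "", line)          # drop the keyword
        if (is_if) {
            # real-interface is one word or a quoted, space-delimited list
            if (line ~ /^"/) sub(/^"[^"]*"[ \t]*/, "", line)
            else sub(/^[^ \t]+[ \t]*/, "", line)
        }
        split(line, w, /[ \t]+/)
        name = w[1]
        if (name == "") { print NR ": definition has no name"; bad = 1; next }
        if (length(name) > 10) { print NR ": " name " is longer than 10 characters"; bad = 1 }
        if (name !~ /^[A-Za-z0-9]+$/) { print NR ": " name " contains symbols"; bad = 1 }
        if (name in seen) { print NR ": " name " already used on line " seen[name]; bad = 1 }
        else seen[name] = NR
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample config (not from the FireHOL documentation).
sample_config() {
    cat <<'EOF'
interface eth0 lan src 192.0.2.0/24
interface "ppp+ eth1" internetuplink src not "${UNROUTABLE_IPS}"
interface6 eth2 dmz-6
ipv4 interface eth3 lan
router lan2wan inface eth0 outface eth1
EOF
}

sample_config | check_firehol_names || echo "name check failed"
```

The function reads the files named as arguments, or standard input when none are given, and returns non-zero when any definition breaks a rule.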


       • firehol(1) - FireHOL program

       • firehol.conf(5) - FireHOL configuration

       • firehol-params(5) - optional rule parameters

       • firehol-modifiers(5) - ipv4/ipv6 selection

       • firehol-router(5) - router definition

       • firehol-iptables(5) - iptables helper

       • firehol-masquerade(5) - masquerade helper

       • FireHOL Website (

       • FireHOL Online PDF Manual (

       • FireHOL Online Documentation (

   Interface Subcommands

       • firehol-policy(5) - policy command

       • firehol-protection(5) - protection command

       • firehol-server(5) - server, route commands

       • firehol-client(5) - client command

       • firehol-group(5) - group command


       FireHOL Team.