Provided by: firehol-doc_3.1.7+ds-2.1_all bug

NAME

       firehol-interface - interface definition

SYNOPSIS

       { interface | interface46 } real-interface name rule-params

       interface4 real-interface name rule-params

       interface6 real-interface name rule-params

DESCRIPTION

       An  interface  definition creates a firewall for protecting the host on which the firewall
       is running.

       The default policy is DROP, so that if no subcommands are given, the  firewall  will  just
       drop all incoming and outgoing traffic using this interface.

       The  behaviour  of  the  defined  interface is controlled by adding subcommands from those
       listed in INTERFACE SUBCOMMANDS.

              Note

              Forwarded traffic is  never  matched  by  the  interface  rules,  even  if  it  was
              originally  destined for the firewall but was redirected using NAT.  Any traffic to
              be passed through the firewall for  whatever  reason  must  be  in  a  router  (see
              firehol-router(5)).

              Note

              Writing  interface4 is equivalent to writing ipv4 interface and ensures the defined
              interface is created only in the IPv4 firewall along with any rules within it.

              Writing interface6 is equivalent to writing ipv6 interface and ensures the  defined
              interface is created only in the IPv6 firewall along with any rules within it.

              Writing interface46 is equivalent to writing both interface and ensures the defined
              interface is created in both the IPv4 and IPv6 firewalls.  Any rules within it will
              also be applied to both, unless they specify otherwise.

PARAMETERS

       real-interface
              This  is  the  interface  name  as  shown  by  ip  link  show.   Generally anything
              iptables(8) accepts is valid.

              The + (plus sign) after some text will match all interfaces that  start  with  this
              text.

              Multiple  interfaces may be specified by enclosing them within quotes, delimited by
              spaces for example:

                     interface "eth0 eth1 ppp0" myname

       name   This is a name for this interface.  You  should  use  short  names  (10  characters
              maximum) without spaces or other symbols.

              A name should be unique for all FireHOL interface and router definitions.

       rule-params
              The  set of rule parameters to further restrict the traffic that is matched to this
              interface.

              See firehol-params(5) for information on the parameters that  can  be  used.   Some
              examples:

                     interface eth0 intranet src 192.0.2.0/24

                     interface eth0 internet src not "${UNROUTABLE_IPS}"

              See firehol.conf(5) for an explanation of ${UNROUTABLE_IPS}.

SEE ALSO

firehol(1) - FireHOL program

       • firehol.conf(5) - FireHOL configuration

       • firehol-params(5) - optional rule parameters

       • firehol-modifiers(5) - ipv4/ipv6 selection

       • firehol-router(5) - router definition

       • firehol-iptables(5) - iptables helper

       • firehol-masquerade(5) - masquerade helper

       • FireHOL Website (http://firehol.org/)

       • FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf)

       • FireHOL Online Documentation (http://firehol.org/documentation/)

   Interface Subcommandsfirehol-policy(5) - policy command

       • firehol-protection(5) - protection command

       • firehol-server(5) - server, route commands

       • firehol-client(5) - client command

       • firehol-group(5) - group command

AUTHORS

       FireHOL Team.