Provided by: sanewall-doc_1.0.2+ds-2_all bug

NAME

       sanewall-interface - create an interface definition

SYNOPSIS

       interface real-interface name [rule-params]

DESCRIPTION

       An interface definition creates a firewall for protecting the host on which the firewall
       is running.

       The default policy is DROP, so that if no subcommands are given, the firewall will just
       drop all incoming and outgoing traffic using this interface.

       The behaviour of the defined interface is controlled by adding subcommands (listed in the
       section called “SEE ALSO”).

           Note
           Forwarded traffic is never matched by the interface rules, even if it was originally
           destined for the firewall but was redirected using NAT. Any traffic to be passed
           through the firewall for whatever reason must be in a router (see router definition:
           sanewall-router(5)).

PARAMETERS

       real-interface
           This is the interface name as shown by ip link show. Generally anything iptables
           accepts is valid.

           The + (plus sign) after some text will match all interfaces that start with this text.

           Multiple interfaces may be specified by enclosing them within quotes, delimited by
           spaces for example:

               interface "eth0 eth1 ppp0" myname

       name
           This is a name for this interface. You should use short names (10 characters maximum)
           without spaces or other symbols.

           A name should be unique for all Sanewall interface and router definitions.

       rule-params
           The set of rule parameters to further restrict the traffic that is matched to this
           interface.

           See optional rule parameters: sanewall-rule-params(5) for information on the
           parameters that can be used. Some examples:

               interface eth0 intranet src 192.0.2.0/24

               interface eth0 internet src not "${UNROUTABLE_IPS}"

           See Sanewall configuration: sanewall.conf(5) for an explanation of ${UNROUTABLE_IPS}.

SEE ALSO

           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           router definition: sanewall-router(5)
           policy command: sanewall-policy(5)
           protection command: sanewall-protection(5)
           client command: sanewall-client(5)
           server, route commands: sanewall-server(5)
           group command: sanewall-group(5)
           iptables helper: sanewall-iptables(5)
           masquerade helper: sanewall-masquerade(5)

AUTHOR

       Sanewall Team

COPYRIGHT

       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>