Provided by: sanewall-doc_1.0.2+ds-2_all

NAME

       sanewall-interface - create an interface definition

SYNOPSIS


       interface real-interface name [rule-params]

DESCRIPTION

       An interface definition creates a firewall for protecting the host on which the firewall is running.

       The default policy is DROP, so that if no subcommands are given, the firewall will just drop all incoming
       and outgoing traffic using this interface.

       The behaviour of the defined interface is controlled by adding subcommands (listed in the section called
       “SEE ALSO”).

           Note

           Forwarded traffic is never matched by the interface rules, even if it was originally destined for the
           firewall but was redirected using NAT. Any traffic to be passed through the firewall for whatever
           reason must be in a router (see router definition: sanewall-router(5)).

PARAMETERS

       real-interface
           This is the interface name as shown by ip link show. Generally anything iptables accepts is valid.

           The + (plus sign) after some text will match all interfaces that start with this text.

           Multiple interfaces may be specified by enclosing them within quotes, delimited by spaces, for
           example:

               interface "eth0 eth1 ppp0" myname

       name
           This is a name for this interface. You should use short names (10 characters maximum) without spaces
           or other symbols.

           A name should be unique for all Sanewall interface and router definitions.

       rule-params
           The set of rule parameters to further restrict the traffic that is matched to this interface.

           See optional rule parameters: sanewall-rule-params(5) for information on the parameters that can be
           used. Some examples:

               interface eth0 intranet src 192.0.2.0/24

               interface eth0 internet src not "${UNROUTABLE_IPS}"

           See Sanewall configuration: sanewall.conf(5) for an explanation of ${UNROUTABLE_IPS}.
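
       The following sketch previews which interface names a real-interface argument selects, covering the
       trailing + and the quoted, space-delimited list described above. It is an added example, not part of
       Sanewall; the function names and the sample interface list are hypothetical, and it assumes + is only
       honoured at the end of a pattern.

```shell
#!/bin/sh
# Added example (not Sanewall code): preview the interfaces a
# real-interface argument selects before loading the firewall.
# Assumption: "+" acts as a wildcard only at the end of a pattern.

# iface_matches SPEC NAME -> exit status 0 if NAME is selected by SPEC.
# SPEC is the space-delimited list given to "interface", e.g. "eth+ ppp0".
iface_matches() {
    spec=$1 name=$2
    set -f                          # no filename globbing while splitting SPEC
    for pat in $spec; do
        case $pat in
            *+) prefix=${pat%+}     # "eth+" -> literal prefix "eth"
                case $name in "$prefix"*) set +f; return 0 ;; esac ;;
            *)  [ "$pat" = "$name" ] && { set +f; return 0; } ;;
        esac
    done
    set +f
    return 1
}

# select_ifaces SPEC NAME... -> prints each NAME selected by SPEC, one per line.
select_ifaces() {
    spec=$1; shift
    for n in "$@"; do
        iface_matches "$spec" "$n" && printf '%s\n' "$n"
    done
    return 0
}

# Constructed sample list; on a live host take the names from `ip link show`.
SAMPLE_IFACES="lo eth0 eth1 eth0.100 ppp0 ppp1 wlan0"

# "eth+" also selects the VLAN sub-interface eth0.100, while ppp1 is left out
# because ppp0 is an exact name, not a prefix.
select_ifaces "eth+ ppp0" $SAMPLE_IFACES
```

       A prefix pattern selects every name that starts with the text, so check the output for interfaces
       (VLANs, aliases, newly added links) that were not meant to share the definition.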

SEE ALSO

           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           router definition: sanewall-router(5)
           policy command: sanewall-policy(5)
           protection command: sanewall-protection(5)
           client command: sanewall-client(5)
           server, route commands: sanewall-server(5)
           group command: sanewall-group(5)
           iptables helper: sanewall-iptables(5)
           masquerade helper: sanewall-masquerade(5)

AUTHOR

       Sanewall Team

COPYRIGHT

       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>

Sanewall 1.0.2                                  Built 01 Jun 2013                        INTERFACE DEFINITION(5)