Provided by: sanewall-doc_1.0.2+ds-2_all
NAME
sanewall-interface - create an interface definition
SYNOPSIS
interface real-interface name [rule-params]
DESCRIPTION
An interface definition creates a firewall for protecting the host on which the firewall is running. The default policy is DROP, so that if no subcommands are given, the firewall will just drop all incoming and outgoing traffic using this interface. The behaviour of the defined interface is controlled by adding subcommands (listed in the section called “SEE ALSO”). Note Forwarded traffic is never matched by the interface rules, even if it was originally destined for the firewall but was redirected using NAT. Any traffic to be passed through the firewall for whatever reason must be in a router (see router definition: sanewall-router(5)).
PARAMETERS
real-interface This is the interface name as shown by ip link show. Generally anything iptables accepts is valid. The + (plus sign) after some text will match all interfaces that start with this text. Multiple interfaces may be specified by enclosing them within quotes, delimited by spaces for example: interface "eth0 eth1 ppp0" myname name This is a name for this interface. You should use short names (10 characters maximum) without spaces or other symbols. A name should be unique for all Sanewall interface and router definitions. rule-params The set of rule parameters to further restrict the traffic that is matched to this interface. See optional rule parameters: sanewall-rule-params(5) for information on the parameters that can be used. Some examples: interface eth0 intranet src 192.0.2.0/24 interface eth0 internet src not "${UNROUTABLE_IPS}" See Sanewall configuration: sanewall.conf(5) for an explanation of ${UNROUTABLE_IPS}.
SEE ALSO
Sanewall program: sanewall(1) Sanewall configuration: sanewall.conf(5) router definition: sanewall-router(5) policy command: sanewall-policy(5) protection command: sanewall-protection(5) client command: sanewall-client(5) server, route commands: sanewall-server(5) group command: sanewall-group(5) iptables helper: sanewall-iptables(5) masquerade helper: sanewall-masquerade(5)
AUTHOR
Sanewall Team
COPYRIGHT
Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>