On 02/12/16 15:10, Rick Stevens wrote:
Not sure which firewall you're using.
Judging by your description of its
behavior, the odds are that the
(unless otherwise specified) default
protocol the rules affect is TCP. If
that's the case, yes, your rules
would prevent TCP-based activity
(telnet, ssh, web, etc.) from working,
but would NOT prevent UDP-based
traffic (normal DNS queries for
instance) or ICMP-based traffic (such
as ping, traceroute, etc.).
There's a whole lot of protocols that
come under the "IP" umbrella.
Dump out the content of /etc/protocols
if you want to see a (fairly
complete, but not exhaustive) list of
what's out there.
.
The example I chose had an entry for
protocol in it but I removed that
thinking I did not want to limit it to
one, false logic I guess?
config rule
option src lan
option src_ip 192.168.1.7
option dest wan
# option proto tcp
option target REJECT
The objective is to protect my servers
which I want connected to the LAN but
not the internet. The firewall is in the
router, openwrt, I want to set up.
--
Bob Goodwin - Zuni, Virginia, USA
http://www.qrz.com/db/W2BOD
box10 FEDORA-23/64bit LINUX XFCE POP3
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
