
Re: A query about interfaces



On 24 Apr 2005, Ajitabh Pandey wrote:
> I installed firehol package from unstable yesterday. The default configuration
> allows everything in. 

The shipped configuration, in the Debian package, has exactly one line
allowing things:

    client all allow

This is an "all outbound, none inbound" configuration, which is a safe
and reasonable default. :)

> So I went through the tutorial on the firehol homepage.
> When I issued the "ip link show" command, I found the following:
>
> ------------------------<output>------------------
>
> ajitabhp@fimbles:~ $ ip link show
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:06:5b:12:66:d4 brd ff:ff:ff:ff:ff:ff
> 3: sit0: <NOARP> mtu 1480 qdisc noop
> link/sit 0.0.0.0 brd 0.0.0.0
> ------------------------</output>------------------
>
> Now I just have one eth0 card on my machine and that is connected to the
> D-link router which in-turn is connected to the broadband modem. What I am
> not able to understand is the sit0 interface, what is that? 

sit0 is a generic tunnelling interface.  You have one of the IP
tunneling modules loaded[1] or built in, and it is adding that interface
for configuration and tunneling.  

> Any quickies on the /etc/firehol/firehol.conf file.

Don't use 'client all accept', actually delineate which things you want
to allow your clients to do.

Use variables extensively, unless you have a one (or maybe two) machine
network, so that you can change IP addresses, host names, or whatever,
without having to edit every single line of the file.

Remember that firehol usually runs *before* your name server can be
reached, so don't assume it is present. :)

         Daniel

Footnotes: 
[1]  I can't recall exactly which one, but I don't think you really
     care. :)

-- 
There is no reality except the one contained within us. That is why so many
people live such an unreal life. They take the images outside them for reality
and never allow the world within to assert itself.
        -- Hermann Hesse
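
The three pieces of advice in the message above, turned into a check. This is an added example, not part of the original message and not FireHOL code: a small Python lint that flags a blanket `client all` rule, host names after `src`/`dst` (which need DNS when the firewall starts), and IP literals repeated across rules instead of held in a variable. The sample configuration, the finding codes and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")  # IPv4 only
# Value after src/dst (optionally negated): a quoted list or one bare word.
ADDR = re.compile(r'\b(?:src|dst)\s+(?:not\s+)?(?:"([^"]*)"|(\S+))')

# Constructed sample, not a shipped configuration.
SAMPLE = """\
version 5
admin="192.0.2.10"
interface eth0 lan
    policy drop
    server ssh accept src "$admin"
    server http accept src "192.0.2.20"
    server https accept src "192.0.2.20"
    client smtp accept dst mail.example.net
    client all accept
"""

def lint_firehol(text):
    """Return sorted (line_number, code) findings for firehol.conf-style text."""
    findings = set()
    literal_lines = defaultdict(set)  # IP literal -> rule lines that use it
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        # Both spellings appear in the message above.
        if words[:2] == ["client", "all"] and words[2:3] in (["accept"], ["allow"]):
            findings.add((no, "client-all"))
        for quoted, bare in ADDR.findall(" ".join(words)):
            for tok in re.split(r"[\s,]+", quoted or bare):
                if not tok or tok.startswith("$"):
                    continue  # a variable reference is what the advice asks for
                if IPV4.match(tok):
                    literal_lines[tok].add(no)
                else:
                    findings.add((no, "hostname"))  # resolved at firewall start
    for lines in literal_lines.values():
        if len(lines) > 1:  # same literal in several rules: use a variable
            findings.update((no, "repeated-literal") for no in lines)
    return sorted(findings)

if __name__ == "__main__":
    for line_no, code in lint_firehol(SAMPLE):
        print(f"line {line_no}: {code}")
```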


