
Re: IPTables question



Red Hat has something called firewalld which generates rules based on zones. I don't use it because using dbus to help manage rules scares me. But it's there and could be what you want.

David F <debian@meta-dynamic.com> wrote:
>On 11/09/2013 12:47 PM, Bill.M wrote:
>> But is there any way to specify both eth0 and wlan0 as equally valid
>> interfaces on my laptop depending on whether it's in my dock or on
>> the road?
>>
>> For example, -i wlan0,eth0 or -o wlan0,eth0
>> Is something like this possible?
>
>* You can avoid specifying any interface at all, so long as you don't
>mind the rule being applied to the loopback interface as well. Chances
>are very good that this will work for you and is the best solution, but
>you need to evaluate the rules in question.
>
>* You can use a '+' at the end of the interface name which acts as a
>wildcard. This won't help since your interface names differ in the first
>character, not the last, but you can easily customize their names to
>differ in their suffix rather than prefix by editing:
>/etc/udev/rules.d/70-persistent-net.rules
>
>* You can create a new chain, have packets from either interface jump to
>it via two rules, then put the rest of your rules in that chain, without
>specifying an interface name.
>
>e.g. (untested):
>iptables -t filter -N foo
>iptables -t filter -A INPUT -i eth0  -j foo
>iptables -t filter -A INPUT -i wlan0 -j foo
>iptables -t filter -A foo --src 1.2.3.4 -j DROP
>iptables -t filter -A foo -p tcp --dport 80 -j DROP
>...
>
>-- David
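As an added example that is not part of David's post or the original thread: a small POSIX shell helper that builds an iptables-restore ruleset for the third approach, jumping from each named interface into one shared user-defined chain so the per-interface rules are written once. The chain name, the interface list and the rules placed inside the chain are assumed for illustration; the loopback interface never reaches the shared chain because only the listed interfaces jump into it.

```shell
#!/bin/sh
# gen_rules CHAIN IFACE... : print a filter-table ruleset in iptables-restore
# syntax. Every listed interface jumps into CHAIN; rules common to all of
# them live in CHAIN. Chain name and rule contents are constructed here.
gen_rules() {
    chain="$1"; shift
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ":$chain - [0:0]"        # declares the user-defined chain
    # One interface-specific jump per interface; lo is not listed, so
    # loopback traffic is never evaluated against the shared chain.
    for ifname in "$@"; do
        printf '%s\n' "-A INPUT -i $ifname -j $chain"
    done
    # Rules that should apply identically on every listed interface.
    printf '%s\n' "-A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A $chain -p tcp --dport 22 -j ACCEPT"
    printf '%s\n' "-A $chain -j DROP"      # default for the shared chain
    printf '%s\n' 'COMMIT'
}

# count_jumps CHAIN IFACE... : number of INPUT rules that jump into CHAIN,
# which should equal the number of interfaces passed in.
count_jumps() {
    gen_rules "$@" | grep -c '^-A INPUT -i '
}

# Syntax-check the generated ruleset without loading it (needs root):
#   gen_rules laptop eth0 wlan0 | iptables-restore --test
```

Replace `iptables-restore --test` with `iptables-restore` once the output looks right; the ruleset replaces the whole filter table, so review it first.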

