Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Destination specific rules #56

Open
StephanErb opened this issue Sep 14, 2015 · 2 comments
Open

Destination specific rules #56

StephanErb opened this issue Sep 14, 2015 · 2 comments

Comments

@StephanErb
Copy link

As user of ansible-ferm, I'd like to have an easy way to setup destination-specific firewall rules.

Consider the following example:

  • eth0 (ip 10.0.1.1\24): used as the management interfaces, SSHd binds here
  • eth1(ip 10.0.2.1\24): used for running services such as HTTP, ...

I would like to setup rules that are specifc to a given destination IP. For example, eth0 should only accept SSH traffic but nothing else.
@drybjed
Copy link
Member

drybjed commented Sep 14, 2015

Good idea, probably adding item.interface option to dport_accept and other INPUT rules should be sufficient to make this possible. I plan to move them in the near future to the new directory-based config structure, then I'll probably add that option in the templates (and update the old ones as well). If you want, you can post PR for adding this in the current ones.

@StephanErb
Copy link
Author

Thanks for the quick response. That feature is very nice to have, but not a real blocker for me. I can wait for your upcoming reorganization.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@StephanErb @drybjed