2014-04-05 16:40:09 -06:00
|
|
|
# Forwarding Rules
|
|
|
|
# Use this file to set up network address translation rules
|
|
|
|
# Use tabs or single space to separate
|
|
|
|
#
|
2014-11-29 11:50:34 -07:00
|
|
|
# <action> <src-interface> <src-address> <dst-interface> <dst-address> <bidirectional> <src-port> <dst-port> <protocol> <syn> <state> <custom>
|
2014-04-05 16:40:09 -06:00
|
|
|
#
|
|
|
|
# Action: Required ( ACCEPT | DROP )
|
|
|
|
# Source Interface: Optional ( interface name, aka eth0 )
|
|
|
|
# Source Address: Optional ( IP address with optional netmask )
|
|
|
|
# Destination Interface: Optional ( interface name, aka eth0 )
|
|
|
|
# Destination Address: Optional ( IP address with optional netmask )
|
|
|
|
# Bidirectional: Optional ( yes | no, defaults to no if '-' )
|
2014-04-12 12:57:23 -06:00
|
|
|
#
|
|
|
|
# The next set can be safely left off the end if not desired
|
|
|
|
# Source Port: Optional ( source port number, or range 1:65535 )
|
|
|
|
# Destination Port: Optional ( destination port number, or range 1:65535 )
|
|
|
|
# Protocol: Optional, required if port numbers specified ( tcp | udp )
|
|
|
|
# Syn: Optional, only match (not) syn packets (syn | notsyn )
|
2014-04-12 17:05:33 -06:00
|
|
|
# State: Optional, set the connection tracking states ( comma separated list )
|
2014-11-29 11:50:34 -07:00
|
|
|
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
2014-04-12 12:57:23 -06:00
|
|
|
#
|
2014-04-05 16:40:09 -06:00
|
|
|
# You can use '-' for optional fields
|
|
|
|
#============================================================
|
2014-11-29 11:50:34 -07:00
|
|
|
#<action> <src-interface> <src-address> <dst-interface> <dst-address> <bidirectional> <src-port> <dst-port> <protocol> <syn> <state> <custom>
|
2014-04-05 16:40:09 -06:00
|
|
|
#ACCEPT eth0 - eth1 - yes
|
|
|
|
#DROP eth1 192.168.2.0/24 eth0 0/0 no
|
2014-04-12 17:05:33 -06:00
|
|
|
#DROP eth0 - eth1 192.168.0.0/24 no - 1:1024 tcp syn NEW
|
|
|
|
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
|
2014-11-29 12:40:12 -07:00
|
|
|
#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - -m policy --dir in --pol ipsec --proto esp
|
2014-04-12 12:57:23 -06:00
|
|
|
|
2014-04-05 16:40:09 -06:00
|
|
|
|