debops / ansible-ferm

Manage iptables firewall using ferm
GNU General Public License v3.0

Destination specific rules #56

Open StephanErb opened 9 years ago

StephanErb commented 9 years ago

As a user of ansible-ferm, I'd like to have an easy way to set up destination-specific firewall rules.

Consider the following example:

I would like to set up rules that are specific to a given destination IP. For example, eth0 should only accept SSH traffic but nothing else.

drybjed commented 9 years ago

Good idea, probably adding an item.interface option to dport_accept and other INPUT rules should be sufficient to make this possible. I plan to move them in the near future to the new directory-based config structure, then I'll probably add that option in the templates (and update the old ones as well). If you want, you can post a PR for adding this in the current ones.

StephanErb commented 9 years ago

Thanks for the quick response. That feature is very nice to have, but not a real blocker for me. I can wait for your upcoming reorganization.