IPTables (Firehol) rule to only allow whitelisted client IPs outbound to PPP interface
By Daniel Rodriguez •
I'm using Firehol on my PPP gateway and looking for a way to only allow a list of whitelisted client LAN IPs outbound internet traffic.
I have tried the commented out line, but that blocks all clients.
interface4 "${lan_interface}" lan
    policy accept

interface4 "${ppp_interface}" internet
    protection strong
    policy reject
    ### client all accept src "${LAN_HOSTS_WHITELIST}"
    client all accept
    server http accept
    server https accept
    server ssh accept src "${SSH_ACCESS}"
    server ping accept src "${ICMP_ACCESS}"
    server ident reject with tcp-reset

router4 lan2internet inface "${lan_interface}" outface "${ppp_interface}"
    masquerade
    route all accept

1 Answer
I solved this by moving the whitelist hosts to the route
interface4 "${lan_interface}" lan
    policy accept

interface4 "${ppp_interface}" internet
    protection strong
    policy reject
    client all accept
    server http accept
    server https accept
    server ssh accept src "${SSH_ACCESS}"
    server ping accept src "${ICMP_ACCESS}"
    server ident reject with tcp-reset

router4 lan2internet inface "${lan_interface}" outface "${ppp_interface}"
    masquerade
    route all accept src "${LAN_HOSTS_WHITELIST}"
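To show the accepted answer as a complete, loadable configuration, here is an added firehol.conf that is not part of the original question or answer. The interface names, the `version 6` directive (Firehol 3.x syntax) and the addresses in LAN_HOSTS_WHITELIST, SSH_ACCESS and ICMP_ACCESS are constructed values for this example. The point it illustrates is the split between the two rule types: `interface4` blocks only govern traffic the gateway itself sends or receives, while the `router4` block governs traffic forwarded between the LAN and the PPP link, which is why the whitelist belongs on the `route` line and not on the interface's `client` line.

```firehol
version 6

# Constructed values for this example; replace with your own.
lan_interface="eth0"
ppp_interface="ppp0"
LAN_HOSTS_WHITELIST="192.168.10.20 192.168.10.21 192.168.10.30"
SSH_ACCESS="192.168.10.20"
ICMP_ACCESS="192.168.10.0/24"

# Traffic to/from the gateway itself on the LAN side: trusted.
interface4 "${lan_interface}" lan
    policy accept

# Traffic to/from the gateway itself on the PPP side.
# "client all accept" lets the gateway originate connections;
# it says nothing about forwarded LAN traffic.
interface4 "${ppp_interface}" internet
    protection strong
    policy reject
    client all accept
    server http accept
    server https accept
    server ssh accept src "${SSH_ACCESS}"
    server ping accept src "${ICMP_ACCESS}"
    server ident reject with tcp-reset

# Forwarded traffic LAN -> internet: only the whitelisted source
# addresses match this route; every other LAN host falls through to
# the router's default policy and gets no internet access.
router4 lan2internet inface "${lan_interface}" outface "${ppp_interface}"
    masquerade
    route all accept src "${LAN_HOSTS_WHITELIST}"
```

Apply it with `firehol try` rather than `firehol start` when working on the gateway remotely: `try` activates the new rules and rolls them back automatically unless you confirm within the timeout, so a mistake in the whitelist cannot lock you out. After activation, verify from a whitelisted and a non-whitelisted LAN host that only the former can reach the internet.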