Hi Graham,

You have several options...

1) The web interface allows you to specify which LAN interfaces can talk to 
each other

2) There is an ALLOWLANS AstLinux variable...

## Allow LAN to LAN traffic for internal interfaces, defaults to disallow
## Space separate "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
## Separate groups using a ~ (tilde)
#ALLOWLANS="INTIF INT2IF"
#ALLOWLANS="INTIF INT2IF~INTIF INT3IF" # (INTIF <=> INT2IF talk and INTIF <=> INT3IF talk, but *not* INT2IF <=> INT3IF)
#ALLOWLANS="INTIF INT2IF INT3IF"

3) Use the IF_TRUSTS variable directly (which both above use)

Lonnie

PS: The INT_IF_TRUST variable went away in the AIF firewall some time ago, 
replaced by the more powerful IF_TRUSTS.
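
Added example (not part of the original message, and not AstLinux code): a small POSIX shell check that expands an ALLOWLANS value, in the format described above, into the interface pairs it lets talk, and rejects any name other than the three internal ones listed. The function names and the EXTIF sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ALLOWLANS value before adding it to user.conf.
# Format as described in the message: names separated by spaces,
# groups separated by "~"; only members of the same group may talk.

# Print every interface pair the value allows, one "A <=> B" per line.
allowlans_pairs() {
  _val=$1
  _old=$IFS
  set -f                      # no globbing while splitting on IFS
  IFS='~'
  for _group in $_val; do     # outer split: one group per "~"
    IFS=' '
    _seen=""
    for _a in $_group; do     # inner split: names within the group
      for _b in $_seen; do
        printf '%s <=> %s\n' "$_b" "$_a"
      done
      _seen="$_seen $_a"
    done
  done
  IFS=$_old
  set +f
}

# Return 0 only if every name is one of the three internal interfaces.
allowlans_check() {
  _bad=0
  _old=$IFS
  set -f
  IFS=' ~'
  for _n in $1; do
    case $_n in
      INTIF|INT2IF|INT3IF) ;;
      *) echo "unexpected name in ALLOWLANS: $_n" >&2; _bad=1 ;;
    esac
  done
  IFS=$_old
  set +f
  return $_bad
}

# Constructed sample: the two-group value from the message above.
allowlans_pairs "INTIF INT2IF~INTIF INT3IF"
```

Running allowlans_check on a value before applying it catches a mistyped or non-internal name in a trust group.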


On Oct 6, 2010, at 5:04 PM, Graham S. Jarvis wrote:

> Hello,
> 
> I'd like to return to this post with a question for 0.7.3 :
> 
> I don't find INT_IF_TRUST in firewall.conf
> but I do find the following:
> 
> # (EXPERT SETTING!) (Other) trusted network interfaces for which ALL IP
> # traffic should be ACCEPTED. (multiple(!) interfaces should be space
> # separated). Be warned that anything TO and FROM these interfaces is allowed
> # (ACCEPTED) so make sure it's NOT routable(accessible) from the outside world
> # (internet)! And of course putting one of your external interfaces here would
> # be extremely stupid.
> # -----------------------------------------------------------------------------
> TRUSTED_IF=""
> 
> # (EXPERT SETTING!) Put here the interfaces that should trust
> # each other (accept forward traffic). You can use | (piping-sign) to create
> # separate interface groups. And (again) of course putting one of your external
> # interfaces here would be extremely stupid.
> # -----------------------------------------------------------------------------
> IF_TRUSTS=""
> 
> Which one should I use in user.conf ???
> 
> Could someone explain what the difference is between these two variables please.
> 
> Thanks,
> 
> -Graham-
> 
> 
> Lonnie Abelbeck wrote on 27/03/2009 15:46:
>> Chris,
>> 
>> The Firewall tab in the web interface uses an additional level of
>> abstraction for the firewall rules and then automatically generates
>> either Arno 1.8.8 (AstLinux 0.6.x) or Arno 1.9.0 (AstLinux 0.7 and
>> trunk) arno firewall variables.
>> 
>> The Firewall tab assumes a default, unedited firewall.conf.  The
>> /mnt/kd/rc.conf.d/gui.firewall.conf contains the variables that override
>> the defaults of the stock firewall.conf file.  Any firewall setting
>> not covered with the Firewall tab can be added via the Network tab's
>> Advanced - User System Variables button (user.conf).
>> 
>> Basically, the firewall.conf file is used to set defaults and
>> documentation for the arno firewall, much like the /stat/etc/rc.conf
>> does for the AstLinux system.
>> 
>> I see Darrick has responded... well done.
>> 
>> Lonnie
>> 
>> 
>> On Mar 27, 2009, at 9:12 AM, Chris Abnett wrote:
>> 
>>> What is the web interface reading?? I fixed my issue by editing the
>>> /mnt/kd/arno-iptables-firewall/firewall.conf file.
>>> 
>>> When I go to the web interface and go to the firewall configuration it says
>>> there are no rules defined.... please don't tell me I need to start over -
>>> I've got a lot of rules.. the immediate issue is fixed.. but what is the
>>> *Right* way to admin my machine so that in future I don't wipe things when I
>>> re-compile and upgrade?..
>>> 
>>> I have been used to using both the Gui and editing the Config files for
>>> Asterisk itself using the asterisk-gui and have seen no ill effects....
>>> 
>>> But does the alt-web interface first read the configs and then populate the
>>> web gui or is there a separate database where the gui stores its info and
>>> then writes out the configs..
>>> -Christopher
>> 
>> 
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> 
>> Donations to support AstLinux are graciously accepted via PayPal to 
>> pay...@krisk.org.
>> 