Hi Graham,

You have several options...

1) The web interface allows you to specify which LAN interfaces can talk to each other

2) There is an ALLOWLANS AstLinux variable...

## Allow LAN to LAN traffic for internal interfaces, defaults to disallow
## Space separate "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
## Separate groups using a ~ (tilde)
#ALLOWLANS="INTIF INT2IF"
#ALLOWLANS="INTIF INT2IF~INTIF INT3IF"
# (INTIF <=> INT2IF talk and INTIF <=> INT3IF talk, but *not* INT2IF <=> INT3IF)
#ALLOWLANS="INTIF INT2IF INT3IF"

3) Use the IF_TRUSTS variable directly (which both above use)

Lonnie

PS: The INT_IF_TRUST variable went away in the AIF firewall some time ago, replaced by the more powerful IF_TRUSTS.

On Oct 6, 2010, at 5:04 PM, Graham S. Jarvis wrote:

> Hello,
>
> I'd like to return to this post with a question for 0.7.3 :
>
> I don't find INT_IF_TRUST in firewall.conf
> but I do find the following:
>
> # (EXPERT SETTING!) (Other) trusted network interfaces for which ALL IP
> # traffic should be ACCEPTED. (multiple(!) interfaces should be space
> # separated). Be warned that anything TO and FROM these interfaces is allowed
> # (ACCEPTED) so make sure it's NOT routable(accessible) from the outside world
> # (internet)! And of course putting one of your external interfaces here would
> # be extremely stupid.
> # -----------------------------------------------------------------------------
> TRUSTED_IF=""
>
> # (EXPERT SETTING!) Put here the interfaces that should trust
> # each other (accept forward traffic). You can use | (piping-sign) to create
> # seperate interface groups. And (again) of course putting one of your external
> # interfaces here would be extremely stupid.
> # -----------------------------------------------------------------------------
> IF_TRUSTS=""
>
> Which one should I use in user.conf ???
>
> Could someone explain what the difference is between these two variables
> please.
>
> Thanks,
>
> -Graham-
>
>
> Lonnie Abelbeck wrote on 27/03/2009 15:46:
>> Chris,
>>
>> The Firewall tab in the web interface uses an additional level of
>> abstraction for the firewall rules and then automatically generates
>> either Arno 1.8.8 (AstLinux 0.6.x) or Arno 1.9.0 (AstLinux 0.7 and
>> trunk) arno firewall variables.
>>
>> The Firewall tab assumes a default, unedited firewall.conf. The
>> /mnt/kd/rc.conf.d/gui.firewall.conf contains the variables that override
>> the defaults of the stock firewall.conf file. Any firewall setting
>> not covered with the Firewall tab can be added via the Network tab's
>> Advanced - User System Variables button (user.conf).
>>
>> Basically, the firewall.conf file is used to set defaults and
>> documentation for the arno firewall, much like the /stat/etc/rc.conf
>> does for the AstLinux system.
>>
>> I see Darrick has responded... well done.
>>
>> Lonnie
>>
>>
>> On Mar 27, 2009, at 9:12 AM, Chris Abnett wrote:
>>
>>> What is the web interface reading?? I fixed my issue by editing the
>>> /mnt/kd/arno-iptables-firewall/firewall.conf file.
>>>
>>> When I go to the web interface and go to the firewall configuration it says
>>> there are no rules defined.... please don't tell me I need to start over -
>>> I've got a lot of rules.. the immediate issue is fixed.. but what is the
>>> *Right* way to admin my machine so that in future I don't wipe things when I
>>> re-compile and upgrade?..
>>>
>>> I have been used to using both the Gui and editing the Config files for
>>> Asterisk itself using the asterisk-gui and have seen no ill effects....
>>>
>>> But does the alt-web interface first read the configs and then populate the
>>> web gui or is there a separate database where the gui stores its info and
>>> then writes out the configs..
>>> -Christopher
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> pay...@krisk.org.
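
The ALLOWLANS grouping rule ("~" between groups) and the IF_TRUSTS group syntax ("|" between groups) from this thread, as an added example that is not part of the original messages and is not AstLinux or Arno firewall code. The device names (eth0..eth3) are constructed sample values, and the name-to-device substitution is an assumption about how ALLOWLANS maps onto IF_TRUSTS.

```shell
# Added example; not AstLinux or Arno firewall code.
# Constructed sample device names: eth0 external, eth1..eth3 internal.
EXTIF="eth0"; INTIF="eth1"; INT2IF="eth2"; INT3IF="eth3"

# ALLOWLANS ("~" between groups) -> IF_TRUSTS form ("|" between groups).
# Assumption: each INTIF/INT2IF/INT3IF name is replaced by its device name.
allowlans_to_trusts() (
  set -f; IFS='~'; set -- $1; unset IFS   # split groups on "~", globbing off
  out=""
  for group in "$@"; do
    devs=""
    for name in $group; do
      case "$name" in
        INTIF)  dev=$INTIF ;;
        INT2IF) dev=$INT2IF ;;
        INT3IF) dev=$INT3IF ;;
        *) echo "unknown interface name: $name" >&2; exit 1 ;;
      esac
      devs="${devs:+$devs }$dev"
    done
    out="${out:+$out|}$devs"
  done
  printf '%s\n' "$out"
)

# Succeeds if devices $2 and $3 share at least one trust group in $1.
trusts_allow() (
  set -f; a=$2; b=$3
  IFS='|'; set -- $1; unset IFS
  for group in "$@"; do
    case " $group " in *" $a "*) ;; *) continue ;; esac
    case " $group " in *" $b "*) exit 0 ;; esac
  done
  exit 1
)

# Succeeds if device $2 appears in any group of $1 (run it on the external interface).
trusts_mention() {
  case " $(printf '%s' "$1" | tr '|' ' ') " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

trusts=$(allowlans_to_trusts "INTIF INT2IF~INTIF INT3IF")  # second example in the thread
echo "IF_TRUSTS=\"$trusts\""
for pair in "$INTIF $INT2IF" "$INTIF $INT3IF" "$INT2IF $INT3IF"; do
  set -- $pair
  if trusts_allow "$trusts" "$1" "$2"; then v=allowed; else v=blocked; fi
  echo "$1 <=> $2 forwarding: $v"
done
if trusts_mention "$trusts" "$EXTIF"; then echo "WARNING: $EXTIF is in a trust group"; fi
```

Running trusts_mention against the external interface before applying a hand-written IF_TRUSTS value catches the mistake the firewall.conf comments warn about.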