Red Hat has something called firewalld which generates rules based on zones. I don't use it because using dbus to help manage rules scares me. But it's there and could be what you want.

David F <deb...@meta-dynamic.com> wrote:
>On 11/09/2013 12:47 PM, Bill.M wrote:
>> But is there any way to specify both eth0 and wlan0 as equally valid
>> interfaces on my laptop depending on whether it's in my dock or on the road?
>>
>> For example, -i wlan0,eth0 or -o wlan0,eth0
>> Is something like these possible?
>
>* You can avoid specifying any interface at all, so long as you don't mind
>the rule being applied to the loopback interface as well. Chances are very
>good that this will work for you and is the best solution, but you need to
>evaluate the rules in question.
>
>* You can use a '+' at the end of the interface name which acts as a
>wildcard. This won't help since your interface names differ in the first
>character, not the last, but you can easily customize their names to differ
>in their suffix rather than prefix by editing:
>/etc/udev/rules.d/70-persistent-net.rules
>
>* You can create a new chain, have packets from either interface jump to it
>via two rules, then put the rest of your rules in that chain, without
>specifying an interface name.
>
>e.g. (untested):
>iptables -t filter -N foo
>iptables -t filter -A INPUT -i eth0 -j foo
>iptables -t filter -A INPUT -i wlan0 -j foo
>iptables -t filter -A foo --src 1.2.3.4 -j DROP
>iptables -t filter -A foo -p tcp --dport 80 -j DROP
>...
>
>-- David
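
The shared-chain approach from the quoted message, generalized to any number of interfaces and written out in iptables-restore format so the whole set loads in one step. This is an added example, not part of the original thread; the function name gen_shared_chain and the name validation are assumptions of the example, while the chain name foo and the two DROP rules are the ones from the message.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# makes INPUT traffic from each listed interface jump to one shared chain.
# gen_shared_chain is a hypothetical helper name used only in this example.

# Usage: gen_shared_chain CHAIN IFACE [IFACE...]
# Prints the ruleset on stdout; returns 1 and prints nothing on bad input.
gen_shared_chain() {
    [ $# -ge 2 ] || { echo "usage: gen_shared_chain CHAIN IFACE..." >&2; return 1; }
    chain=$1; shift
    # Validate every name before emitting anything, so a value such as
    # "eth0 -j ACCEPT" can never smuggle extra options into a rule.
    for name in "$chain" "$@"; do
        case $name in
            ''|*[!A-Za-z0-9_.-]*) echo "bad name: $name" >&2; return 1 ;;
        esac
    done
    for ifc in "$@"; do
        # Kernel interface names are limited to 15 characters.
        [ ${#ifc} -le 15 ] || { echo "interface name too long: $ifc" >&2; return 1; }
    done
    echo "*filter"
    echo ":$chain - [0:0]"                  # declare (or flush) the user chain
    for ifc in "$@"; do
        echo "-A INPUT -i $ifc -j $chain"   # one jump rule per interface
    done
    # Rules in the shared chain carry no -i match; they apply to every
    # interface that jumps here and to nothing else (loopback is untouched).
    echo "-A $chain -s 1.2.3.4 -j DROP"
    echo "-A $chain -p tcp --dport 80 -j DROP"
    echo "COMMIT"
}
```

Piping the output of `gen_shared_chain foo eth0 wlan0` to `iptables-restore --noflush --test` parses the ruleset without committing it. Loading it repeatedly with `--noflush` appends the INPUT jump rules again each time.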