add appliance firewall
Usage
stack add appliance firewall {appliance ...} {action=string} {chain=string} {protocol=string} {service=string} [comment=string] [flags=string] [network=string] [output-network=string] [rulename=string] [table=string]
Description
Add a firewall rule for an appliance type.
Arguments
-
[appliance]Appliance type (e.g., “backend”).
Parameters
[action=string][chain=string][protocol=string][service=string]{comment=string}{flags=string}{network=string}{output-network=string}{rulename=string}-
{table=string}The table to add the rule to. Valid values are ‘filter’, ‘nat’, ‘mangle’, and ‘raw’. If this parameter is not specified, it defaults to ‘filter’
Examples
-
stack add appliance firewall login network=private service="all" protocol="all" action="ACCEPT" chain="FORWARD"Accept all services and all protocols on the private network for the FORWARD chain. If ‘eth0’ is associated with the private network on a login appliance, then this will be translated as the following iptables rule: “-A FORWARD -i eth0 -j ACCEPT”
-
stack add appliance firewall login service="8649" protocol="udp" action="REJECT" chain="INPUT"Reject UDP packets with a destination port of 8649 on all networks for the INPUT chain. On login appliances, this will be translated into the following iptables rule: “-A INPUT -p udp –dport 8649 -j REJECT”
Edited by: Chris Ladd on Fri Oct 11 12:15:23 2019 -0700
Commit: 3a71eaf