Red Hat Bugzilla – Bug 183666
RFE: Per interface firewall policy
Last modified: 2008-08-02 19:40:35 EDT
I am behind NAT on my ath0 interface, and don't need or want a firewall.
I am not behind NAT on my eth0 interface.
Different interfaces have different security requirements.
Firewall configuration needs to be per interface, not global.
Iptables has the capability to do this, and system-config-securitylevel should be
making use of it (and likely integrating with system-config-network, where you
manage each of your interfaces).

Please have a look at system-config-firewall in F8 and rawhide. There is support
for trusted devices and masquerading. Is this sufficient for you?

Great - it's good to see progress is being made!
However, I no longer use multiple interfaces or Rawhide/testing distribution.
The bug was opened too long ago, and I've moved, changed my environment, and
shifted focus to stability.
I appreciate your response though - are there plans to integrate with SELinux
ports and interfaces labeling support eventually?

This is already possible right now: Add the netfilter context file with the
Please keep in mind that adding rules will slow down the firewall throughput.
It could lead to a DoS if someone is flooding your machine with packets. All
packets get labeled, even those which get dropped by the firewall rules.
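
The per-interface policy requested at the top of this report, written directly as an iptables-restore ruleset: one interface is trusted, the other is filtered statefully. This is an added example, not part of the bug report and not output of system-config-firewall; the function names and the choice of TCP port 22 are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset whose INPUT policy
# differs per interface. Nothing is applied; the ruleset is only printed.

# Accept only plausible interface names so that an argument cannot
# smuggle extra rule text into the generated file.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accept decimal TCP ports 1-65535 only.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset TRUSTED_IF FILTERED_IF [TCP_PORT...]
gen_ruleset() {
    [ "$#" -ge 2 ] || return 1
    trusted=$1
    filtered=$2
    shift 2
    valid_ifname "$trusted" && valid_ifname "$filtered" || return 1
    [ "$trusted" != "$filtered" ] || return 1
    for p in "$@"; do valid_port "$p" || return 1; done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # interfaces not named below get no access
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Trusted device (the NATed interface in the report): no filtering.
    echo "-A INPUT -i $trusted -j ACCEPT"
    # Exposed device: replies to our own traffic plus the listed services.
    echo "-A INPUT -i $filtered -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "-A INPUT -i $filtered -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A INPUT -i $filtered -j REJECT --reject-with icmp-host-prohibited"
    echo 'COMMIT'
}

# Interface names from the report; port 22 is an assumed service.
gen_ruleset ath0 eth0 22
```

The output can be checked with `iptables-restore --test` before it is loaded.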