I'm using Linux/iptables and looking for a way to create policy rules in fwbuilder that only apply to a single chain. Whenever I create an "Inbound" rule, I always get INPUT and FORWARD iptables rules generated. For "Outbound" rules I get OUTPUT and FORWARD and for "Both" rules, I get all three. Unfortunately I have cases where I need only an INPUT (or OUTPUT or FORWARD) rule generated.
I can get around this (kind of) by turning OFF the "Assume firewall is part of 'any'" option BUT I must then supply a rule source or destination ip address/network. This doesn't work for un-numbered interfaces.
Am I missing something obvious for creating a simple rule that allows access to the firewall itself but prevents forwarding? I.e.
"-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT"
without a corresponding
"-A FORWARD -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT"
Just put the firewall object in "Destination" of the rule.
Yes, but… "Destination" creates ip based match criteria which won't work for an un-numbered interface. Fwbuilder simply skips them when it generates the rules.
Oh wait… you mean the actual "firewall" object. :)
Yep, that worked. So simple actually. I just missed it.
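A check to run after the fix, added here as an example and not part of the original thread or of fwbuilder itself: a small Python script that parses `iptables-save` output and reports which chains carry a given match (interface, protocol, port), so you can confirm that the compiled policy contains the INPUT rule for SSH on eth1 and no matching FORWARD rule. The two dumps below are constructed samples standing in for a real `iptables-save`; `FIXED_DUMP` models the output with the firewall object in "Destination", `BROKEN_DUMP` the original problem. The function names and the simplified option parsing are my own.

```python
"""Audit an iptables-save dump: which chains carry a given rule?

Example usage on a live host (needs root):
    iptables-save | python3 chain_audit.py
With no stdin it runs against the constructed FIXED_DUMP sample.
"""
import shlex
import sys

# Constructed sample (assumption): what fwbuilder emits once the firewall
# object is the rule's Destination. Only INPUT carries the SSH rule.
FIXED_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD ! -i eth1 -o eth1 -j DROP
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

# Constructed sample (assumption): the original problem, where the same rule
# is generated for both INPUT and FORWARD.
BROKEN_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
"""


def parse_rules(dump):
    """Yield (table, chain, opts) for every '-A' line in an iptables-save dump.

    opts maps each flag to its value ('-i' -> 'eth1', '--dport' -> '22');
    flags without a value map to True. A negated match ("! -i eth0") is
    stored under the key '!-i' so it never satisfies a positive lookup.
    Repeated flags such as '-m tcp' / '-m state' overwrite each other; we
    do not match on '-m', so that is harmless here.
    """
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith('*'):
            table = line[1:]
            continue
        if not line.startswith('-A '):
            continue  # chain policy lines, COMMIT, comments
        tokens = shlex.split(line)
        chain = tokens[1]
        opts, i, neg = {}, 2, False
        while i < len(tokens):
            tok = tokens[i]
            if tok == '!':
                neg, i = True, i + 1
                continue
            key = ('!' if neg else '') + tok
            neg = False
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is not None and nxt != '!' and not nxt.startswith('-'):
                opts[key] = nxt
                i += 2
            else:
                opts[key] = True
                i += 1
        yield table, chain, opts


def chains_matching(dump, table='filter', **want):
    """Return the sorted chains whose rules contain all given option=value pairs.

    Keys are given without dashes: i='eth1' checks '-i', dport='22' checks
    '--dport' (single-letter keys get one dash, longer keys two).
    """
    found = set()
    for tbl, chain, opts in parse_rules(dump):
        if tbl != table:
            continue
        if all(opts.get(('--' if len(k) > 1 else '-') + k) == v
               for k, v in want.items()):
            found.add(chain)
    return sorted(found)


def forwards_leak(dump, **want):
    """True when a rule meant only for the firewall host also sits in FORWARD."""
    return 'FORWARD' in chains_matching(dump, **want)


if __name__ == '__main__':
    data = sys.stdin.read() if not sys.stdin.isatty() else FIXED_DUMP
    ssh = dict(i='eth1', p='tcp', dport='22')
    print('chains with the SSH rule:', chains_matching(data, **ssh))
    print('leaks into FORWARD:', forwards_leak(data, **ssh))
```

The lookup keys are the iptables option names without dashes, so `chains_matching(dump, i='eth1', p='tcp', dport='22')` asks "which chains have a rule on eth1, TCP, port 22". A clean result for the rule in the thread is `['INPUT']`; anything containing `'FORWARD'` means the policy still forwards that traffic.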