ClearFoundation

I have added firewall rules, eth0 works fine, but they do not allow traffic to the alias on the card.

I have eth0 and eth0:1 which are both active.

How do I add rules to eth0:1?

Also, where are the rules kept. I ran iptables-save and the output does not show the current rules.

Thanks in Adavance

Solution :

1. iptables-save does show the firewall rules (but for some reason, I had to issue a /etc/init.d/firewall restart, before it was current)
2. I found /etc/rc.d contains firewall rule files including rc.firewall.local which says clearly that

"
# Custom firewall rules.
# This file is executed by the firewall on stop/start/restart.
"

so i added the following:

iptables -A INPUT -d x.x.x.10 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -d x.x.x.10 -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -d x.x.x.10 -p udp -m udp --dport 53 -j ACCEPT

where
x.x.x.10 is the address of the alias eth0:1

I issued the

/etc/init.d/firewall restart

I looked at the firewall rules

iptables -L -n

The rules where there, great. I removed them restarted named and they were gone. I added them back and restarted, they were there. I did not reboot, but they should still work on reboot.

A nice tweak would be to add logic to the GUI, such that, when an alias exists before the firewall rules are added then both IPs will get the same rule. Or perhaps, just adding that to the advance options, where you have to pick an IP address or all for a particular interface.


So all is good!

You should use the -I flag instead of the -A flag otherwise they will be appended to the bottom of the chain, and occur after the default 'DROP' everything else rule

Thanks for posting your solution...I think you have to use the advanced firewall module for forwarding traffic to virtual interfaces, which effectively achieves the same as you have above

Thanks for the update:

I tried both, adding the I and using the advanced rules. Both worked.