Custom iptables rules

it-lf · July 15, 2019, 7:20am

Hallo

i need the following iptables rules
iptables -I FORWARD -m physdev --physdev-is-bridged --physdev-in tap0 --physdev-out eth0 -j DROP
iptables -D FORWARD -m physdev --physdev-is-bridged --physdev-in tap0 --physdev-out eth0 -s xxx.xxx.xxx.xxx -j ACCEPT
iptables -D FORWARD -m physdev --physdev-is-bridged --physdev-in tap0 --physdev-out eth0 -s xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx -j ACCEPT

my workaround is hook the shorewall events and execute the rules manually .

is it possible to do this with firewall rules/object or where is the right place to insert the rules ?

Thanks uwe

filippo_carletti · July 15, 2019, 9:01am

It’s not possibile to create rules like those with the user interface.
You should put them into /etc/shorewall/started.

it-lf · July 17, 2019, 7:46am

Thanks for the hint .