.\" Automatically generated by Pandoc 3.1.3
.nh
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.TH "firehol-interface" "5" "Built 30 Mar 2024" "FireHOL Reference" "3.1.7"
.hy
.SH NAME
.PP
firehol-interface - interface definition
.SH SYNOPSIS
.PP
{ interface | interface46 } \f[I]real-interface\f[R] \f[I]name\f[R]
\f[I]rule-params\f[R]
.PP
interface4 \f[I]real-interface\f[R] \f[I]name\f[R] \f[I]rule-params\f[R]
.PP
interface6 \f[I]real-interface\f[R] \f[I]name\f[R] \f[I]rule-params\f[R]
.SH DESCRIPTION
.PP
An \f[V]interface\f[R] definition creates a firewall for protecting the
host on which the firewall is running.
.PP
The default policy is DROP, so that if no subcommands are given, the
firewall will just drop all incoming and outgoing traffic using this
interface.
.PP
The behaviour of the defined interface is controlled by adding
subcommands from those listed in INTERFACE SUBCOMMANDS.
.RS
.PP
\f[B]Note\f[R]
.PP
Forwarded traffic is never matched by the \f[V]interface\f[R] rules,
even if it was originally destined for the firewall but was redirected
using NAT.
Any traffic to be passed through the firewall for whatever reason must
be in a \f[V]router\f[R] (see firehol-router(5)).
.RE
.RS
.PP
\f[B]Note\f[R]
.PP
Writing \f[V]interface4\f[R] is equivalent to writing
\f[V]ipv4 interface\f[R] and ensures the defined interface is created
only in the IPv4 firewall along with any rules within it.
.PP
Writing \f[V]interface6\f[R] is equivalent to writing
\f[V]ipv6 interface\f[R] and ensures the defined interface is created
only in the IPv6 firewall along with any rules within it.
.PP
Writing \f[V]interface46\f[R] is equivalent to writing
\f[V]both interface\f[R] and ensures the defined interface is created in
both the IPv4 and IPv6 firewalls.
Any rules within it will also be applied to both, unless they specify
otherwise.
.RE
.SH PARAMETERS
.TP
\f[I]real-interface\f[R]
This is the interface name as shown by \f[V]ip link show\f[R].
Generally anything iptables(8) accepts is valid.
.RS
.PP
The + (plus sign) after some text will match all interfaces that start
with this text.
.PP
Multiple interfaces may be specified by enclosing them within quotes,
delimited by spaces for example:
.IP
.nf
\f[C]
interface \[dq]eth0 eth1 ppp0\[dq] myname
\f[R]
.fi
.RE
.TP
\f[I]name\f[R]
This is a name for this interface.
You should use short names (10 characters maximum) without spaces or
other symbols.
.RS
.PP
A name should be unique for all FireHOL interface and router
definitions.
.RE
.TP
\f[I]rule-params\f[R]
The set of rule parameters to further restrict the traffic that is
matched to this interface.
.RS
.PP
See firehol-params(5) for information on the parameters that can be
used.
Some examples:
.IP
.nf
\f[C]

interface eth0 intranet src 192.0.2.0/24

interface eth0 internet src not \[dq]${UNROUTABLE_IPS}\[dq]
\f[R]
.fi
.PP
See firehol.conf(5) for an explanation of ${UNROUTABLE_IPS}.
.RE
.SH SEE ALSO
.IP \[bu] 2
firehol(1) - FireHOL program
.IP \[bu] 2
firehol.conf(5) - FireHOL configuration
.IP \[bu] 2
firehol-params(5) - optional rule parameters
.IP \[bu] 2
firehol-modifiers(5) - ipv4/ipv6 selection
.IP \[bu] 2
firehol-router(5) - router definition
.IP \[bu] 2
firehol-iptables(5) - iptables helper
.IP \[bu] 2
firehol-masquerade(5) - masquerade helper
.IP \[bu] 2
FireHOL Website (http://firehol.org/)
.IP \[bu] 2
FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf)
.IP \[bu] 2
FireHOL Online Documentation (http://firehol.org/documentation/)
.SS Interface Subcommands
.IP \[bu] 2
firehol-policy(5) - policy command
.IP \[bu] 2
firehol-protection(5) - protection command
.IP \[bu] 2
firehol-server(5) - server, route commands
.IP \[bu] 2
firehol-client(5) - client command
.IP \[bu] 2
firehol-group(5) - group command
.SH AUTHORS
FireHOL Team.