.\" Automatically generated by Pandoc 3.1.3
.nh
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.TH "firehol-policy" "5" "Built 30 Mar 2024" "FireHOL Reference" "3.1.7"
.hy
.SH NAME
.PP
firehol-policy - set default action for an interface or router
.SH SYNOPSIS
.PP
policy \f[I]action\f[R]
.SH DESCRIPTION
.PP
The \f[V]policy\f[R] subcommand defines the default policy for an
interface or router.
.PP
The \f[I]action\f[R] can be any of the actions listed in
firehol-actions(5).
.RS
.PP
\f[B]Note\f[R]
.PP
Change the default policy of a router only if you understand clearly
what will be matched by the router statement whose policy is being
changed.
.PP
It is common to define overlapping router definitions.
Changing the policy to anything other than the default \f[V]return\f[R]
may cause strange results for your configuration.
.RE
.RS
.PP
\f[B]Warning\f[R]
.PP
Do not set a policy to \f[V]accept\f[R] unless you fully trust all hosts
that can reach the interface.
FireHOL CANNOT be used to create valid \[lq]accept by default\[rq]
firewalls.
.RE
.SH EXAMPLE
.IP
.nf
\f[C]

interface eth0 intranet src 192.0.2.0/24
  # I trust this interface absolutely
  policy accept
\f[R]
.fi
.SH SEE ALSO
.IP \[bu] 2
firehol(1) - FireHOL program
.IP \[bu] 2
firehol.conf(5) - FireHOL configuration
.IP \[bu] 2
firehol-interface(5) - interface definition
.IP \[bu] 2
firehol-router(5) - router definition
.IP \[bu] 2
FireHOL Website (http://firehol.org/)
.IP \[bu] 2
FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf)
.IP \[bu] 2
FireHOL Online Documentation (http://firehol.org/documentation/)
.SH AUTHORS
FireHOL Team.