
I'm using FireHOL on my PPP gateway and am looking for a way to allow outbound Internet traffic only from a whitelist of client LAN IP addresses.

I have tried the commented-out line below (adding `src` to the `client all accept` rule in the `interface4` block), but that blocks all clients.

# Traffic to/from the gateway host itself on the LAN-facing interface.
# No restriction at all: the LAN is treated as trusted here.
interface4 "${lan_interface}" lan
    policy accept

# Traffic to/from the gateway host itself on the PPP (Internet) interface.
# NOTE: interface4 rules only cover connections that terminate on or
# originate from the gateway; forwarded LAN traffic is handled by router4.
interface4 "${ppp_interface}" internet
    protection strong

    # Default: drop anything not explicitly allowed below.
    policy reject
    # Attempted whitelist (does not work here: "client" matches requests the
    # gateway itself initiates, so a LAN-host src never matches).
    ### client all accept src "${LAN_HOSTS_WHITELIST}"
    # The gateway itself may initiate any outbound connection.
    client all accept

    # Services exposed to the Internet; ssh and ping limited by source address.
    server http accept
    server https accept
    server ssh accept src "${SSH_ACCESS}"
    server ping accept src "${ICMP_ACCESS}"
    # Answer ident probes with a TCP reset rather than a silent drop.
    server ident reject with tcp-reset

 # Forwarded traffic between LAN and Internet (this is where LAN clients'
 # outbound traffic is matched, not in the interface4 blocks above).
 router4 lan2internet inface "${lan_interface}" outface "${ppp_interface}"
    masquerade
    # Every LAN host is forwarded; no whitelist is applied here yet.
    route all accept



I solved this by moving the whitelist to the `route` rule in the `router4` block: the `interface4` rules govern traffic to and from the gateway itself, while forwarded LAN traffic is matched by the router, so the source restriction belongs there.

# Traffic to/from the gateway host itself on the LAN-facing interface.
# Left fully open; the per-host whitelist is enforced on forwarded traffic
# in the router4 block instead.
interface4 "${lan_interface}" lan
    policy accept

# Traffic to/from the gateway host itself on the PPP (Internet) interface.
# Unchanged from the question: these rules do not see forwarded LAN traffic.
interface4 "${ppp_interface}" internet
    protection strong

    # Default: drop anything not explicitly allowed below.
    policy reject
    # The gateway itself may still initiate any outbound connection;
    # the LAN whitelist below does not constrain the gateway's own traffic.
    client all accept

    # Services exposed to the Internet; ssh and ping limited by source address.
    server http accept
    server https accept
    server ssh accept src "${SSH_ACCESS}"
    server ping accept src "${ICMP_ACCESS}"
    # Answer ident probes with a TCP reset rather than a silent drop.
    server ident reject with tcp-reset

 # Forwarded traffic between LAN and Internet.
 router4 lan2internet inface "${lan_interface}" outface "${ppp_interface}"
    masquerade
    # Only hosts in LAN_HOSTS_WHITELIST (defined elsewhere in this config) may
    # have their traffic forwarded. Filtering happens before masquerading, so
    # "src" is compared against the real LAN address, not the PPP address.
    # NOTE(review): "route" also generates rules for the reverse (Internet-
    # initiated) direction; since only outbound access is wanted,
    # "server all accept src ..." may be the tighter choice -- confirm against
    # the FireHOL router semantics for your version.
    # NOTE(review): an IP-based whitelist is only as strong as the LAN's
    # address assignment; a host that changes its IP can bypass it.
    route all accept src "${LAN_HOSTS_WHITELIST}"