Sun Jun 24 15:13:51 EDT 2012
I have many network interfaces, but really only 3 classes:
- Untrusted (internet): things like SSH, VPN, SIP, ...
- Semi-trusted: local wireless
- Trusted: LAN + VPN
Outgoing/forward I want to make sure trusted can access everything,
semi-trusted can not access the trusted network, and untrusted can not
access semi-trusted and trusted.
For these I use bridging to make them share 3 IP segments. It seems
that bridging counts as routing for FORWARD, but as a normal interface
It's probably good to put these 3 behaviours in chains.
So... is a user-defined chain a call/return or a jump? I think it's a
jump, because user-defined chains cannot have policies (default jump
target). Yep, that's the case.
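One way to lay the three classes out as FORWARD chains, as an added example that is not from the original note: the interface names br0/br1/br2 for trusted/semi-trusted/untrusted are assumptions, it assumes bridged frames are handed to iptables (net.bridge.bridge-nf-call-iptables=1), and IPT defaults to a dry run that prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: split the three-class forward policy into user-defined chains.
# Assumed interface names: br0 = trusted (LAN + VPN), br1 = semi-trusted
# (wireless), br2 = untrusted (internet).
# IPT defaults to a dry run that only prints the rules; run with IPT=iptables
# to apply them.
IPT="${IPT:-echo iptables}"
TRUSTED=br0; SEMI=br1; UNTRUSTED=br2

setup_forward() {
    # Everything not explicitly accepted below is dropped by the policy.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    for c in from_trusted from_semi from_untrusted; do
        $IPT -N "$c" 2>/dev/null   # -N fails harmlessly if the chain exists
        $IPT -F "$c"
    done
    # Replies to connections that were allowed in the other direction.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Dispatch on the ingress interface. -j enters the chain; a packet that
    # reaches the end of a user-defined chain without matching returns here,
    # and the FORWARD policy (DROP) decides its fate.
    $IPT -A FORWARD -i "$TRUSTED"   -j from_trusted
    $IPT -A FORWARD -i "$SEMI"      -j from_semi
    $IPT -A FORWARD -i "$UNTRUSTED" -j from_untrusted
    # Log (rate-limited) what falls through, so blocked crossings are visible.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    # Trusted may reach everything.
    $IPT -A from_trusted -j ACCEPT
    # Semi-trusted may reach itself and the untrusted side, never trusted.
    $IPT -A from_semi -o "$SEMI"      -j ACCEPT
    $IPT -A from_semi -o "$UNTRUSTED" -j ACCEPT
    # Untrusted may open nothing inward: from_untrusted stays empty, so every
    # new connection from it returns to FORWARD and is dropped.
}
```

Interface aliases such as br0:0 cannot be named with -i/-o; to separate hosts on one bridge, match on addresses (-s/-d) inside the chain instead.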
Hmm... I don't really have a good intuitive grasp of the basics of
iptables... Asterisk takes a lot of CPU, but I wonder if this isn't
just because it's swapping the code in and out...
Can't filter on aliases, i.e. br0:0, since they are not real interfaces.