firehol-policy man page

firehol-policy — set default action for an interface or router


policy action


The policy subcommand defines the default policy for an interface or router.

The action can be any of the actions listed in firehol-actions(5).


Change the default policy of a router only if you understand clearly what will be matched by the router statement whose policy is being changed.

It is common to define overlapping router definitions. Changing the policy to anything other than the default return may cause strange results for your configuration.


Do not set a policy to accept unless you fully trust all hosts that can reach the interface. FireHOL CANNOT be used to create valid "accept by default" firewalls.


interface eth0 intranet src
  # I trust this interface absolutely
  policy accept

See Also

firehol(1) - FireHOL program
firehol.conf(5) - FireHOL configuration
firehol-interface(5) - interface definition
firehol-router(5) - router definition
FireHOL Website (
FireHOL Online PDF Manual (
FireHOL Online HTML Manual (


FireHOL Team.

Referenced By

firehol-conf(5), firehol-interface(5), firehol-modifiers(5), firehol-router(5), firehol-variables(5).

Built 15 Feb 2015 FireHOL Reference 2.0.1