Hi, Niall
2006/3/29, Niall O Broin <niall at makalumedia.com>:
> I have a situation where I want to allow only certain hosts on a LAN
> external access. Can any of you think of a handy way of doing that in
> shorewall? Clearly I can create rules for each allowed host, but that
> would be longwinded. Unfortunately, the hosts are not contiguous so
> that I could use a subnet range. I rather expect that I'm going to
> have to generate individual rules per allowed host, but I just
> thought I'd ask before going further.
>I have never worked with shorewall, so I cannot give you commands
directly, but I can show you how to do it with regular IPTABLES :)
FW=/sbin/iptables
1-create a policy for those servers and define the list of servers
$FW -N name_to_server_policy
$FW -A name_to_server_policy -d IP_SERVER1 -j ACCEPT
$FW -A name_to_server_policy -d IP_SERVER2 -j ACCEPT
$FW -A name_to_server_policy -d IP_SERVER3 -j ACCEPT
$FW -A name_to_server_policy -d IP_SERVERn -j ACCEPT
2- define your rules:
(for example ssh and dns)
$FW -A FORWARD -p tcp -m multiport --dports 22,53 -j name_to_server_policy
You can apply any rule to that policy and add servers to your list
Say thanks to Ronan Cuniffe, who show me this way.
I hope this is usefull
--
Andres Jimenez
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
