New to the Shoreline here.
I'm trying to limit all INCOMING traffic on a 'STANDALONE FIREWALL' to a
range - any IP at our University.
I use the shorewall iprange command like this:
> shorewall iprange 128.125.0.0-128.125.256.256
> 128.125.0.0/24
> 128.125.1.0
I see the example from the archives on 9/7/2004 that documents how to
specify ranges:
> > Then code your rule as:
> >
> > ACCEPT dmz0:192.168.150.20,192.168.150.100/30,192.168.150.104/29,...
> > loc:<ts1>,<ts2>
> >
> > where ... represents the rest of the ranges printed by the iprange
> > command.
I'm using the examples of 'calling' the macro files from my Rules file.
So inside my 'webbish' Macro file (called macro.WebPlone) I've got the
following:
> PARAM - - tcp 80
> PARAM - - tcp 443
> PARAM - - tcp 8080
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
And finally, the rules file looks like this:
>
> WebPlone/ACCEPT net:128.125.0.0/24,128.125.1.0 $FW
>
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
But this does not work properly - and actually I'm locked out on http
everywhere !! (and when I try this same syntax for other ports, like
SSH, these are locked out as well)
I use the safe-start command, and notice it looks like the macro is
being interpreted correctly:
> ..Expanding Macro /etc/shorewall/macro.WebPlone...
> Rule "ACCEPT net:128.125.0.0/24,128.125.1.0 fw tcp 80 - - - -" added.
> Rule "ACCEPT net:128.125.0.0/24,128.125.1.0 fw tcp 443 - - - -" added.
> Rule "ACCEPT net:128.125.0.0/24,128.125.1.0 fw tcp 8080 - - - -" added.
> ..End Macro
thanks
rich
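
Added example, not part of the original post and not Shorewall code: a Python check of which client addresses the SOURCE list in the expanded rules above matches, beside the CIDR form of 128.125.0.0-128.125.255.255. Treating .255.255 as the intended end of the range is an assumption, the function names are hypothetical, and the sample clients are constructed.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into the fewest CIDR blocks.

    ipaddress rejects octets above 255, so "128.125.256.256" raises ValueError.
    """
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

def parse_source(source):
    """Split a rules-file SOURCE such as "net:a.b.c.d/24,e.f.g.h" into networks."""
    zone, _, hosts = source.partition(":")
    nets = [ipaddress.ip_network(h, strict=True) for h in hosts.split(",") if h]
    return zone, nets

def source_matches(source, client):
    """True if client falls inside any host or network listed in SOURCE."""
    addr = ipaddress.IPv4Address(client)
    return any(addr in net for net in parse_source(source)[1])

def address_count(nets):
    """Total number of addresses covered by a list of networks."""
    return sum(net.num_addresses for net in nets)

# SOURCE column exactly as it appears in the expanded rules in the post.
POSTED_SOURCE = "net:128.125.0.0/24,128.125.1.0"
# Constructed sample clients, all inside 128.125.0.0-128.125.255.255.
SAMPLE_CLIENTS = ["128.125.0.77", "128.125.1.0", "128.125.1.1", "128.125.37.5"]

if __name__ == "__main__":
    _, posted = parse_source(POSTED_SOURCE)
    wanted = range_to_cidrs("128.125.0.0", "128.125.255.255")  # assumed intent
    print("posted source covers", address_count(posted), "addresses")
    print("assumed range collapses to", [str(n) for n in wanted],
          "=", address_count(wanted), "addresses")
    for client in SAMPLE_CLIENTS:
        # A client that matches no rule is handled by the zone policy instead.
        verdict = "ACCEPT" if source_matches(POSTED_SOURCE, client) else "no match"
        print(f"{client:>14}  {verdict}")
    try:
        range_to_cidrs("128.125.0.0", "128.125.256.256")
    except ValueError as exc:
        print("rejected:", exc)
```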