Hi
I'm working on a captive portal here, and the way I figured was nicest
to do it in a generalisable fashion is to create a sub zone cloc:loc and
then to give that full access (or some ground down access) and then to
push addresses into there as they authenticate (shorewall add
eth0:ipaddress cloc).
so zones is

    loc       ipv4
    net       ipv4
    cloc:loc

policy is

    cloc  all  ACCEPT
    loc   all  DROP
    net   all  DROP
    etc

Now the problem comes where I add a policy, cloc2all appears to get
unreferenced at the end of the cloc2net chains. This means although the
policy is ACCEPT that rule is never hit.
If I compare this to the way loc2all is implemented, at the end of
loc2net there should be a chain reference to the loc2all policy.

Chain cloc2all (0 references)
 pkts bytes target  prot opt in  out  source     destination
    0     0 ACCEPT  0    --  *   *    0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 ACCEPT  0    --  *   *    0.0.0.0/0  0.0.0.0/0

Chain cloc2net (0 references)
 pkts bytes target  prot opt in  out  source     destination
    0     0 ACCEPT  0    --  *   *    0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 ACCEPT  icmp --  *   *    0.0.0.0/0  0.0.0.0/0    icmp type 8
    0     0 ACCEPT  icmp --  *   *    0.0.0.0/0  0.0.0.0/0    icmp type 3 code 4
    0     0 ACCEPT  icmp --  *   *    0.0.0.0/0  0.0.0.0/0    icmp type 11
    0     0 ACCEPT  47   --  *   *    0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:1723

When I create an "ACCEPT cloc all" rule then it all works as expected,
but shorewall moans at startup that the rule should be moved to policies.
--
Colin Alston <colin@thusa.co.za>
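
A way to spot the symptom described above from a saved `iptables -L -n -v` listing, as an added example that is not part of the original message or of Shorewall: it flags any `<zone>2all` chain with zero references and names the sibling zone-pair chains that never jump to it. The sample listing is constructed, and the expectation that `loc2net` ends with a jump to `loc2all` follows the post's description.

```python
import re

# Constructed sample in `iptables -L -n -v` layout, modelled on the listing in the post.
SAMPLE = """\
Chain cloc2all (0 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain cloc2net (0 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
Chain loc2all (1 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 loc2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
"""

# Matches user chains "(N references)" and built-in chains "(policy ...)".
HEADER = re.compile(r"^Chain (\S+) \((?:(\d+) references)?")
COUNTER = re.compile(r"^\d+[KMGT]?$")

def parse_chains(listing):
    """Map chain name -> {'refs': declared reference count, 'targets': rule targets}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            refs = int(m.group(2)) if m.group(2) else None  # None for built-in chains
            current = chains.setdefault(m.group(1), {"refs": refs, "targets": []})
            continue
        fields = line.split()
        # Rule rows start with two counters (pkts, bytes); the third field is the target.
        if current is not None and len(fields) >= 3 and all(COUNTER.match(f) for f in fields[:2]):
            current["targets"].append(fields[2])
    return chains

def unreachable_policy_chains(chains):
    """Return {policy chain: [sibling zone-pair chains that never jump to it]}."""
    findings = {}
    for name, info in chains.items():
        if name.endswith("2all") and info["refs"] == 0:
            prefix = name[: -len("all")]  # e.g. "cloc2"
            findings[name] = sorted(c for c in chains if c.startswith(prefix)
                                    and c != name and name not in chains[c]["targets"])
    return findings
```

On the constructed sample, `unreachable_policy_chains(parse_chains(SAMPLE))` reports `cloc2all` as unreachable from `cloc2net`, while `loc2all` is not flagged.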