Hi,

Got the following rule:

Ping/ACCEPT    net:proxy.ovh.net,proxy.p19.ovh.net,proxy.rbx.ovh.net,ping.ovh.net    $FW

but then everyone can ping? Or is the rule wrong?
Got shorewall 3.2.6 on debian 4.0.

Here are my default policies:

$FW    net    ACCEPT
net    all    DROP      info
all    all    REJECT    info

would it be possible if the domain name is a dynamic ip?

Grts Bart

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On 10/12/07, Bart Verstraete <bartverstraete@telenet.be> wrote:
> Ping/ACCEPT
> net:proxy.ovh.net,proxy.p19.ovh.net,proxy.rbx.ovh.net,ping.ovh.net $FW
...
> would it be possible if the domain name is a dynamic ip?

Shorewall tries to resolve the IP once on 'shorewall start', and adds this into iptables. There's no way of changing this dynamically, once shorewall is done.

So, if this is a dyndns domain name, it'll only work till the IP changes.

Prasanna.

> Grts Bart
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
www.elinanetworks.com
Seamless, secure delivery of applications.

Prasanna Krishnamoorthy wrote:
> On 10/12/07, Bart Verstraete <bartverstraete@telenet.be> wrote:
>> Ping/ACCEPT
>> net:proxy.ovh.net,proxy.p19.ovh.net,proxy.rbx.ovh.net,ping.ovh.net $FW
> ...
>> would it be possible if the domain name is a dynamic ip?
>
> Shorewall tries to resolve the IP once on 'shorewall start', and adds
> this into iptables. There's no way of changing this dynamically, once
> shorewall is done.
>
> So, if this is a dyndns domain name, it'll only work till the IP changes.
>
> Prasanna.

I don't think the ovh.net domain names are dynamic? But if I use that rule I can also ping it from my private dynamic ip? And that I don't want! Then you can ping it from other PCs too.

The hosting company says that these domains have to be able to ping the server. They gave the following iptables rules:

/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.p19.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.rbx.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source ping.ovh.net -j ACCEPT

Bart

On 10/12/07, Bart Verstraete <bartverstraete@telenet.be> wrote:
> I don't think the ovh.net domain names are dynamic? But if I use that
> rule I can also ping it from my private dynamic ip? And that I don't
> want! Then you can ping it from other PCs too.

No, if you use the rules you've given you can ping only from those IPs.

> The hosting company says that these domains have to be able to ping the
> server. They gave the following iptables rules:
> /sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.ovh.net -j ACCEPT
> /sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.p19.ovh.net -j ACCEPT
> /sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.rbx.ovh.net -j ACCEPT
> /sbin/iptables -A INPUT -i eth0 -p icmp --source ping.ovh.net -j ACCEPT

These rules should translate to the shorewall rule you'd given.

Prasanna
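
The replies above say that the hostnames are resolved once at 'shorewall start' and that only those addresses may then ping the firewall. The following is an added example, not part of the original thread: it compares the ICMP ACCEPT sources loaded in iptables with what the hostnames resolve to now, and also flags an ICMP ACCEPT rule with no source restriction. The function names, the use of `getent` and `iptables -S` output as input, and the sample addresses (documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): compare the ICMP ACCEPT sources loaded
# in iptables with what the rule's hostnames resolve to right now.

HOSTS="proxy.ovh.net proxy.p19.ovh.net proxy.rbx.ovh.net ping.ovh.net"

# Constructed sample in `iptables -S` format; addresses are documentation ranges.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -s 192.0.2.10/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.0.2.20/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 198.51.100.7/32 -i eth0 -p icmp -j ACCEPT'

# resolve HOST: one IPv4 address per line (assumes glibc getent is available).
resolve() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }

# icmp_sources: read `iptables -S` text on stdin and print the source of every
# ICMP ACCEPT rule; a rule with no -s matches any sender and prints "any".
icmp_sources() {
    awk '/-p icmp/ && /-j ACCEPT/ {
        src = "any"
        for (i = 1; i < NF; i++) if ($i == "-s") src = $(i + 1)
        sub(/\/32$/, "", src); print src
    }' | sort -u
}

# drift_report HOST...: rules on stdin. Prints OPEN / MISSING / STALE lines and
# returns 1 when the loaded rules differ from current DNS.
drift_report() {
    loaded=$(icmp_sources); current=""; rc=0
    for host in "$@"; do
        for ip in $(resolve "$host"); do
            current="$current $ip"
            # Address is in DNS now but was not loaded when the firewall started.
            echo "$loaded" | grep -qxF "$ip" || { echo "MISSING $host $ip"; rc=1; }
        done
    done
    for ip in $loaded; do
        case "$ip" in any) echo "OPEN icmp accepted from any source"; rc=1; continue ;; esac
        # Address is still allowed but none of the hostnames resolves to it any more.
        case " $current " in *" $ip "*) ;; *) echo "STALE $ip"; rc=1 ;; esac
    done
    return $rc
}

# Live use (as root):
#   iptables -S | drift_report $HOSTS || echo "DNS drift: review, then 'shorewall restart'"
```

A STALE line means an address that no longer belongs to the named hosts can still ping the firewall; a MISSING line means the provider's monitoring host will be dropped until the rules are reloaded.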