Hi,

In our institutional managed network, we have 20+ VLANs. The internal network is 10 Gbps and the IP leased line is a few Mbps. We wish to control the Internet access of a few VLANs (IP ranges of /24) during certain periods of every day (say 10:00am to 05:00pm). During that period they will be controlled for Internet access, but they should be allowed Intranet access within our network.

What rules need to be created for this kind of access, in which only connections whose status is changing should be affected, and the rest should not be affected?

Thanks in advance
-Karmath

Tom Eastep
2008-Mar-20 03:49 UTC
Re: modifying VLAN based access control through Shorewall
Manoj S Gaur wrote:
> Hi,
> In our institutional managed network, we have 20+ VLANs. The internal
> network is 10 Gbps and the IP leased line is a few Mbps. We wish to control the
> Internet access of a few VLANs (IP ranges of /24) during certain
> periods of every day (say 10:00am to 05:00pm). During that period
> they will be controlled for Internet access, but they should be allowed
> Intranet access within our network.
> What rules need to be created for this kind of access, in which only
> connections whose status is changing should be affected, and the rest should not
> be affected?

You need to create two Shorewall configurations and switch between them using a cron job (e.g., /sbin/shorewall restart <configuration directory> or /sbin/shorewall restore <saved configuration>).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
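
The cron-driven switch described in the reply above, as an added example that is not part of the original thread or of Shorewall itself. The restricted directory name, the script path in the cron lines and the 10:00 to 17:00 window are assumptions taken from the question; the script picks the configuration from the current time, so running it at any moment converges on the right ruleset, and it validates the configuration with `shorewall check` before restarting.

```shell
#!/bin/sh
# Added example: choose one of two Shorewall configuration directories by
# time of day and apply it. Hypothetical cron entries (script path assumed):
#   0 10 * * *  /usr/local/sbin/fw-schedule.sh apply
#   0 17 * * *  /usr/local/sbin/fw-schedule.sh apply

RESTRICTED_DIR=/etc/shorewall-restricted   # assumed name: Internet blocked for the chosen VLANs
NORMAL_DIR=/etc/shorewall                  # default Shorewall configuration directory
WINDOW_START=1000                          # HHMM, inclusive (from the question)
WINDOW_END=1700                            # HHMM, exclusive (from the question)

# Convert HHMM to minutes since midnight. Leading zeros are stripped first,
# because sh arithmetic would otherwise read 08 and 09 as invalid octal.
to_minutes() {
    h=${1%??}; m=${1#??}
    h=${h#0};  m=${m#0}
    echo $(( h * 60 + m ))
}

# Print the configuration directory that should be active at time $1 (HHMM).
select_config() {
    now=$(to_minutes "$1")
    if [ "$now" -ge "$(to_minutes "$WINDOW_START")" ] &&
       [ "$now" -lt "$(to_minutes "$WINDOW_END")" ]; then
        echo "$RESTRICTED_DIR"
    else
        echo "$NORMAL_DIR"
    fi
}

# Validate the selected configuration, then load it. If the check fails,
# the running ruleset is left untouched.
apply_config() {
    dir=$(select_config "$(date +%H%M)")
    if ! /sbin/shorewall check "$dir"; then
        echo "shorewall check failed for $dir; keeping current ruleset" >&2
        return 1
    fi
    /sbin/shorewall restart "$dir"
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    apply_config
fi
```
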