Linux Advocate
2009-Jun-14 07:42 UTC
Fw: Access to Server frm authorized range of IPs only
see below... ----- Forwarded Message ----> From: Linux Advocate <linuxhousedn@yahoo.com> > To: shorewall_list <shorewall-users@lists.sourceforge.net> > Sent: Sunday, June 14, 2009 3:34:29 PM > Subject: Access to Server frm authorized range of IPs only > > Guys, > > i know i saw this somewhere but i cant seem to locate that info now... > > Scenario: > ............... > > I have a simple two interface firewall. The firewall machine also provides some > services to the LAN and to the NET. > What i would like to do is allow only a particular range of IPs frm the internet > to access those services. > > What do i need to do with my ''rules'' file. Ideally i should be able to add ip , > remove ip as required. > > Can i make a file called ''Authorized_IP.txt'' and use that?or would it be better to edit the policy file? ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
Linux Advocate wrote:> ... >> I have a simple two interface firewall. The firewall machine also provides some >> services to the LAN and to the NET. >> What i would like to do is allow only a particular range of IPs frm the internet >> to access those services. >> >> What do i need to do with my ''rules'' file. Ideally i should be able to add ip , >> remove ip as required. >> >> Can i make a file called ''Authorized_IP.txt'' and use that? > > or would it be better to edit the policy file?If you expect to have a set of common rules for this particular range of IPs, then creating a separate zone and adding/removing hosts from that zone using the hosts file (and setting its access via the policy and rules files) makes good sense. http://www.shorewall.net/Multiple_Zones.html is probably a good place to start reading about this. Paul ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects