Hi,

I have the rule at /etc/shorewall/rules

DNAT net loc:172.55.78.146:3389 tcp 3389 - 200.207.x.y

My question is:

Can I create a "pool" (list) of addresses, changing "net" by 143.56.x.y , 167.102.x.y , 201.23.x.y , etc ???

How can I optimize this rule ?

Best regards,
Anderson Oliveira

Anderson do Carmo de Oliveira wrote:
> Hi,
>
> I have the rule at /etc/shorewall/rules
>
> DNAT net loc:172.55.78.146:3389 tcp 3389 - 200.207.x.y
>
> My question is:
>
> Can I create a "pool" (list) of addresses, changing "net" by 143.56.x.y ,
> 167.102.x.y , 201.23.x.y , etc ???
>
> How can I optimize this rule ?

You can't optimize it in the sense that it will be more efficient but
you can make it easier to write if you only want to allow traffic from a
list of hosts:

/etc/shorewall/params:

POOL=143.56.x.y,167.102.x.y,201.23.x.y

/etc/shorewall/rules:

DNAT net:$POOL loc:172.55.78.146:3389 tcp 3389 - 200.207.x.y

Is that what you want?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom,

My objective was to create a list where I could register the addresses that
have permission to access a certain host on a certain port.

In the way that you informed, do I manage to do that?

Best regards,
Anderson Oliveira

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Wednesday, April 21, 2004 5:43 PM
Subject: Re: [Shorewall-users] DNAT used by addresses pool

> Anderson do Carmo de Oliveira wrote:
> > Hi,
> >
> > I have the rule at /etc/shorewall/rules
> >
> > DNAT net loc:172.55.78.146:3389 tcp 3389 - 200.207.x.y
> >
> > My question is:
> >
> > Can I create a "pool" (list) of addresses, changing "net" by 143.56.x.y,
> > 167.102.x.y , 201.23.x.y , etc ???
> >
> > How can I optimize this rule ?
>
> You can't optimize it in the sense that it will be more efficient but
> you can make it easier to write if you only want to allow traffic from a
> list of hosts:
>
> /etc/shorewall/params:
>
> POOL=143.56.x.y,167.102.x.y,201.23.x.y
>
> /etc/shorewall/rules:
>
> DNAT net:$POOL loc:172.55.78.146:3389 tcp 3389 - 200.207.x.y
>
> Is that what you want?
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

Anderson do Carmo de Oliveira wrote:
> Tom,
>
> my objective was to create a list, where I could register the addresses that
> has permission to access a certain host in a certain port.
>
> in the way that you informed, do I manage to do that?

Yes. Although you must restart Shorewall each time that you change the list.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

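The list-in-params approach from the replies above, as an added example that is not part of the original thread or of Shorewall itself: a POSIX shell helper that builds the POOL= line from a one-entry-per-line allowlist file and rejects malformed entries before they reach /etc/shorewall/params. The function names, the file layout and the sample addresses are assumptions made for illustration.

```sh
# Added example: build the POOL= line for /etc/shorewall/params from an
# allowlist file (one IPv4 address or CIDR per line, '#' starts a comment).
# valid_ipv4 and build_pool are hypothetical helpers, not Shorewall commands.

# Succeed only for a dotted quad with an optional /0-32 prefix.
valid_ipv4() {
    addr=$1
    case $addr in */*)
        prefix=${addr#*/}; addr=${addr%%/*}
        case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Leading zeros are rejected: some parsers read them as octal.
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print "POOL=a,b,c" for the entries in file $1. Fails on the first bad
# entry, and on an empty list, which would turn "net:$POOL" into "net:".
build_pool() {
    pool=
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if ! valid_ipv4 "$entry"; then
            echo "invalid entry: $entry" >&2
            return 1
        fi
        case ",$pool," in *",$entry,"*) continue ;; esac   # skip duplicates
        pool=${pool:+$pool,}$entry
    done < "$1"
    [ -n "$pool" ] || { echo "empty pool: refusing to emit POOL=" >&2; return 1; }
    printf 'POOL=%s\n' "$pool"
}

# Constructed sample allowlist (documentation addresses, not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.0.2.10        # office
198.51.100.0/24   # branch network
192.0.2.10        # duplicate, dropped
EOF
build_pool "$sample"
rm -f "$sample"
```

Once the emitted line is in /etc/shorewall/params, running `shorewall check` before `shorewall restart` catches rule errors first; as noted in the reply above, the list only takes effect after a restart.
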
Tom.

Thank you a lot. I already tested and running okay.

Best Regards,
Anderson Oliveira

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Wednesday, April 21, 2004 5:59 PM
Subject: Re: [Shorewall-users] DNAT used by addresses pool

> Anderson do Carmo de Oliveira wrote:
> > Tom,
> >
> > my objective was to create a list, where I could register the addresses that
> > has permission to access a certain host in a certain port.
> >
> > in the way that you informed, do I manage to do that?
>
> Yes. Although you must restart Shorewall each time that you change the list.
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net