Is it possible to set in the blacklist the only port that I don't want that IP to have access to?

This is to avoid:

#ADDRESS/SUBNET PROTOCOL PORT
210.0.0.0/8 tcp 21,3306,953,22222,25,110,443

It would be wonderful to set a thing like:

#ADDRESS/SUBNET PROTOCOL PORT
210.0.0.0/8 tcp !80

This is to enable only port 80 and drop all the rest of the ports.

Thanks

On Wednesday 04 February 2004 08:26 am, Salvatore wrote:
> Is it possible to set in the blacklist the only port that I don't want that
> IP to have access to?
>
> This is to avoid:
>
> #ADDRESS/SUBNET PROTOCOL PORT
> 210.0.0.0/8 tcp 21,3306,953,22222,25,110,443
>
> It would be wonderful to set a thing like:
>
> #ADDRESS/SUBNET PROTOCOL PORT
> 210.0.0.0/8 tcp !80
>
> This is to enable only port 80 and drop all the rest of the ports.
>

If you would have tried it before posting you would have found that it works just as you want it to; but only for a single port. In other words, the following does not work:

210.0.0.0/8 tcp !80,110

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Wednesday 04 February 2004 09:06 am, Salvatore wrote:
> ok,
> I see that it works, but just wanted to be sure.
>
> If I want to add another port, how can I do it?
> Is it correct to do:
>
> #ADDRESS/SUBNET PROTOCOL PORT
> 210.0.0.0/8 tcp !80
> 210.0.0.0/8 tcp !110

There is no way currently to make that work -- the second rule above blocks port 80.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
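
Added example, not part of the thread and not Shorewall's own code: a small Python model of the blacklist entries quoted above, showing why two negated entries end up blocking every port. It assumes each entry acts as an independent drop rule, as the last reply describes; the function names and the sample source address are made up for illustration.

```python
import ipaddress

def parse_blacklist(text):
    """Parse 'ADDRESS/SUBNET PROTOCOL PORT' lines into (net, proto, negate, ports)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop the header/comment lines
        if not line:
            continue
        addr, proto, port = line.split()
        negate = port.startswith("!")
        ports = port.lstrip("!").split(",")
        if negate and len(ports) > 1:
            # Per the thread, negation works for a single port only.
            raise ValueError(f"negated port list not supported: {port}")
        entries.append((ipaddress.ip_network(addr), proto, negate,
                        {int(p) for p in ports}))
    return entries

def is_dropped(entries, src, proto, dport):
    """True if ANY entry matches (assumption: every entry is its own drop rule)."""
    ip = ipaddress.ip_address(src)
    for net, eproto, negate, ports in entries:
        # Plain entry matches listed ports; '!' entry matches every other port.
        if ip in net and proto == eproto and ((dport in ports) != negate):
            return True
    return False

def reachable_ports(text, src="210.1.2.3", candidates=(21, 25, 80, 110, 443)):
    """Ports from `candidates` that a blacklisted source can still reach."""
    entries = parse_blacklist(text)
    return [p for p in candidates if not is_dropped(entries, src, "tcp", p)]

# Constructed inputs, built from the entries quoted in the thread.
SINGLE = "#ADDRESS/SUBNET PROTOCOL PORT\n210.0.0.0/8 tcp !80\n"
TWO = SINGLE + "210.0.0.0/8 tcp !110\n"
LISTED = "210.0.0.0/8 tcp 21,3306,953,22222,25,110,443\n"

if __name__ == "__main__":
    print("!80 only      ->", reachable_ports(SINGLE))
    print("!80 then !110 ->", reachable_ports(TWO))
    print("explicit list ->", reachable_ports(LISTED))
```

In this model, leaving more than one port open means going back to the explicit list of ports to block, as in the first entry of the original question.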