Kristopher Lalletti
2003-Jan-30 05:17 UTC
[Shorewall-users] An "any" host source/destination
Just out of curiosity, I'm running Shorewall on a machine that has 4 NICs and 4 different VPN-tunneled subnets. When I want to define a service that is available from any source to a certain destination, instead of making a matrix of all the different combinations possible, is there an easier way? Something like:

    ACCEPT any loc tcp ssh

which would define blind SSH access for any networks that can get to the local network (either by IPsec tunnels or NAT associations).

Kris
Vincent Bernat
2003-Jan-30 06:11 UTC
[Shorewall-users] Re: An "any" host source/destination
OoO On this cloudy early afternoon of Thursday 30 January 2003, around 14:17, "Kristopher Lalletti" <kristopher.lalletti@nobelia.com> said:

> Just out of curiosity, I'm running Shorewall on a machine that has 4
> NICs and 4 different VPN-tunneled subnets.
> When I want to define a service that is available from any source to a
> certain destination, instead of making a matrix of all the different
> combinations possible, is there an easier way?
> Something like: ACCEPT any loc tcp ssh
> Which would define blind SSH access for any networks that can get to the
> local network (either by IPsec tunnels or NAT associations)

Isn't "all" done for this?

--
die_if_kernel("Penguin instruction from Penguin mode??!?!", regs);
        2.2.16 /usr/src/linux/arch/sparc/kernel/traps.c
Kristopher Lalletti
2003-Jan-30 06:42 UTC
[Shorewall-users] Re: An "any" host source/destination
"all" is an accepted source/dest host? I just tested it and it doesn't recognize it.

    ACCEPT all fw tcp ssh

Kris
--On Thursday, January 30, 2003 9:41 AM -0500 Kristopher Lalletti <kristopher.lalletti@nobelia.com> wrote:

> "all" is an accepted source/dest host?
>
> I just tested it and it doesn't recognize it.
>
> ACCEPT all fw tcp ssh

From the release notes of Shorewall Version 1.3.11:

    It is now allowed to use 'all' in the SOURCE or DEST column in a rule.
    When used, 'all' must appear by itself (it may not be qualified) and it
    does not enable intra-zone traffic. For example, the rule

        ACCEPT loc all tcp 80

    does not enable http traffic from 'loc' to 'loc'.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
Vincent Bernat
2003-Jan-30 07:06 UTC
[Shorewall-users] Re: An "any" host source/destination
OoO On this sunny early afternoon of Thursday 30 January 2003, around 15:41, "Kristopher Lalletti" <kristopher.lalletti@nobelia.com> said:

> "all" is an accepted source/dest host?
> I just tested it and it doesn't recognize it.

    # SOURCE     Source hosts to which the rule applies. May be a zone
    #            defined in /etc/shorewall/zones, $FW to indicate the
    #            firewall itself, or "all". If the ACTION is DNAT or
    #            REDIRECT, sub-zones of the specified zone may be
    #            excluded from the rule by following the zone name with
    #            "!" and a comma-separated list of sub-zone names.

(same for DEST). Shorewall 1.3

--
SPITWADS ARE NOT FREE SPEECH
SPITWADS ARE NOT FREE SPEECH
SPITWADS ARE NOT FREE SPEECH
-+- Bart Simpson on chalkboard in episode 8F01
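The two points made above, Tom's release-note semantics (an 'all' endpoint may not be qualified and never produces an intra-zone pair) and the rules-file comment Vincent quotes (SOURCE/DEST is a zone, $FW, or "all", optionally qualified with ":"), are easy to get wrong when you are replacing a hand-written zone matrix. The following Python script is an added illustration, not Shorewall's own code: it models that documented expansion so you can see exactly which zone pairs a line with 'all' stands for before you commit it to /etc/shorewall/rules. The zone list is constructed sample data (the firewall zone is written as "fw", as in Kris's test rule, plus a local net and four VPN zones); the sub-zone exclusion syntax for DNAT/REDIRECT is not modeled.

```python
"""Expand 'all' in a Shorewall 1.3.11-style rules line into explicit zone pairs.

Added illustration, not Shorewall's own code.  It models the semantics quoted
in the thread: 'all' stands in for every zone, may not be qualified, and does
not enable intra-zone traffic.  ZONES is constructed sample data.
"""

FW = "fw"  # the firewall zone, written literally as in Kris's test rule
# Constructed sample zones: the firewall, the local net and four VPN subnets.
ZONES = [FW, "loc", "vpn1", "vpn2", "vpn3", "vpn4"]


def expand_endpoint(field, zones):
    """Map a SOURCE or DEST field to a list of (zone, qualifier, from_all).

    "loc"             -> [("loc", "", False)]
    "loc:10.0.0.0/24" -> [("loc", "10.0.0.0/24", False)]   (qualifier kept)
    "all"             -> one entry per zone, flagged from_all=True
    "all:10.0.0.0/24" -> ValueError: 'all' may not be qualified
    """
    zone, sep, qualifier = field.partition(":")
    if zone == "all":
        if sep:
            raise ValueError("'all' must appear by itself; it may not be qualified")
        return [(z, "", True) for z in zones]
    if zone not in zones:
        raise ValueError(f"unknown zone {zone!r}; define it in /etc/shorewall/zones")
    return [(zone, qualifier, False)]


def expand_rule(line, zones=ZONES):
    """Return the explicit rules-file lines that one line using 'all' stands for.

    A pair whose SOURCE and DEST resolve to the same zone is dropped whenever
    'all' supplied either side.  That is what "does not enable intra-zone
    traffic" means: ACCEPT loc all tcp 80 yields no loc -> loc rule.
    """
    action, src, dst, proto, port = line.split()[:5]
    expanded = []
    for sz, sq, s_all in expand_endpoint(src, zones):
        for dz, dq, d_all in expand_endpoint(dst, zones):
            if sz == dz and (s_all or d_all):
                continue  # 'all' never creates intra-zone traffic
            s = f"{sz}:{sq}" if sq else sz
            d = f"{dz}:{dq}" if dq else dz
            expanded.append(f"{action} {s} {d} {proto} {port}")
    return expanded


def rejects_qualified_all(line, zones=ZONES):
    """True when the line is refused because 'all' carries a qualifier."""
    try:
        expand_rule(line, zones)
    except ValueError as exc:
        return "qualified" in str(exc)
    return False


if __name__ == "__main__":
    # Kris's intended rule, and Tom's http example, expanded for inspection.
    for rule in ("ACCEPT all fw tcp ssh", "ACCEPT loc all tcp 80"):
        print(f"# {rule}")
        for explicit in expand_rule(rule):
            print(explicit)
        print()
```

Running it shows the five explicit rules that "ACCEPT all fw tcp ssh" replaces (every non-firewall zone to fw) and that "ACCEPT loc all tcp 80" reaches fw and the four VPN zones but not loc itself; add a qualifier to 'all' and the script refuses the line, which is the check Shorewall itself applies per the release note.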