Dear Tom and everyone,

Here is my scenario.

I have a firewall running 1.3.7b. The entire internet has access to my firewall on port 22, but there is also House A, B and C on the internet that I want to also have access to port 1352.

The question is: do I need to define each of these houses (single IP addresses, not networks) in the zones and hosts file as a separate zone? If not in the zones and hosts file, then where? Is there a way to define some IP addresses that are not on the same network and then assign that group to a particular zone?

I don't want to specify each and every IP address in the rules file like this

"ACCEPT net:65.202.62.34 loc tcp 1352" and so on, because it may become a long list.

Thank you very much,

Val V.

Val Vechnyak wrote:
> Dear Tom and everyone,
>
> Here is my scenario.
>
> I have a firewall running 1.3.7b. The entire internet has access to my
> firewall on port 22, but there is also House A, B and C on the internet
> that I want to also have access to port 1352.
>
> The question is: do I need to define each of these houses (single IP
> addresses, not networks) in the zones and hosts file as a separate zone?
> If not in the zones and hosts file, then where? Is there a way to define
> some IP addresses that are not on the same network and then assign that
> group to a particular zone?

Yes -- you do that in the hosts file.

> I don't want to specify each and every IP address in the rules file like
> this
>
> "ACCEPT net:65.202.62.34 loc tcp 1352" and so on, because it may become
> a long list.

You might look at http://www.shorewall.net/whitelisting_under_shorewall.htm -- it may give you some additional clues.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
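
A sketch of the hosts-file approach described in the reply, added here as an illustration and not taken from either poster or from the Shorewall project. The zone name `houses`, the interface `eth0`, the policy line and the addresses for Houses B and C are assumptions (constructed values); check the column layout against the documentation for your Shorewall version.

```conf
# --- /etc/shorewall/zones ---
# Hypothetical zone "houses" for the trusted remote addresses. It is listed
# before "net" so the more specific zone is considered first.
#ZONE     DISPLAY   COMMENTS
houses    Houses    Trusted remote houses A, B and C
net       Net       Internet
loc       Local     Local network

# --- /etc/shorewall/hosts ---
# One line per single IP address, all reached through the Internet-facing
# interface (eth0 is an assumption). Adding House D later means adding one
# line here and leaving the rules file alone.
#ZONE     HOST(S)                OPTIONS
houses    eth0:65.202.62.34      # House A (address from the original post)
houses    eth0:192.0.2.10        # House B (constructed example address)
houses    eth0:198.51.100.20     # House C (constructed example address)

# --- /etc/shorewall/policy ---
# Default for anything from the houses that no rule below accepts
# (assumed policy; place it above any catch-all "all all" entry).
#CLIENT   SERVER    POLICY    LOG LEVEL
houses    all       DROP      info

# --- /etc/shorewall/rules ---
# A single rule per service now covers every address in the zone, replacing
# the per-address form "ACCEPT net:65.202.62.34 loc tcp 1352".
#RESULT   CLIENT    SERVER    PROTO   PORT
ACCEPT    net       fw        tcp     22
ACCEPT    houses    fw        tcp     22      # repeated: see note below
ACCEPT    houses    loc       tcp     1352
```

Hosts placed in the new zone are handled by that zone's rules and policy, so any access they previously had as part of `net` (port 22 here) is repeated for `houses` instead of being assumed to carry over.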