warsono@unitedtractors.com
2002-Nov-13 04:38 UTC
[Shorewall-users] workstation/client definition
Dear all,

I've installed shorewall but I am still confused about client/workstation. For example, I have file /etc/hosts (about 300 hosts client):

wswars 10.2.1.1
wsandy 10.2.1.2
..
..

and I want rules configuration, for example:

action  source        desc  services
ACCEPT  wswars        all   www,ftp
ACCEPT  wswars        net   www
ACCEPT  groups-users  net   www

Should I register client/workstation in /etc/shorewall/hosts?
And how do I register users' workstations?
Could shorewall group users/workstations, and how?

Regards
--On Wednesday, November 13, 2002 11:38:07 AM +0700 "warsono@unitedtractors.com" <warsono@unitedtractors.com> wrote:

> Dear all,
> I've installed shorewall but I am still confused about client/workstation. For
> example, I have file /etc/hosts (about 300 hosts client):
> wswars 10.2.1.1
> wsandy 10.2.1.2
> ..
> ..
> and I want rules configuration, for example:
>
> action  source        desc  services
> ACCEPT  wswars        all   www,ftp
> ACCEPT  wswars        net   www
> ACCEPT  groups-users  net   www
>
> Should I register client/workstation in /etc/shorewall/hosts?
> And how do I register users' workstations?
> Could shorewall group users/workstations, and how?

First of all, as explained at http://shorewall.sf.net/configuration_file_basics.htm, DNS names used in Shorewall configuration files must be fully qualified.

Secondly, Shorewall rules are expressed primarily in terms of _zone_ names, not individual host names. You can use host names in the rules file but only to qualify a zone name (e.g., net:www.foo.com) -- as I mention in several places on the web site, I actively discourage such use (unless the hosts are defined in the firewall's local /etc/hosts).

If you want to assign individual hosts to a particular zone, you do that in the /etc/shorewall/hosts file.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://shorewall.sf.net
ICQ: #60745924  \ teastep@shorewall.net
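
Added example (not part of the original thread): the requested policy expressed through zones, as the reply describes, with workstations assigned to zones in /etc/shorewall/hosts and the rules written against those zones. The zone names wsfull and wsweb, the interface eth1 and the address 10.2.1.3 are assumptions; both zones must also be declared in /etc/shorewall/zones, and the destination of the first requested rule is narrowed to net here.

```conf
# /etc/shorewall/hosts
# Assign individual workstations to zones by address (not by DNS name).
#ZONE    HOST(S)          OPTIONS
# wswars: allowed www and ftp
wsfull   eth1:10.2.1.1
# wsandy and one more group member (10.2.1.3 is a constructed address)
wsweb    eth1:10.2.1.2
wsweb    eth1:10.2.1.3

# /etc/shorewall/rules
# Rules name zones, so adding a workstation to a group only touches
# the hosts file above.
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT   wsfull  net   tcp    www,ftp
ACCEPT   wsweb   net   tcp    www
```

Traffic from workstations that are in neither zone falls through to whatever the policy file specifies for their parent zone, so a restrictive default there is what makes the two ACCEPT rules meaningful.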