--On Thursday, March 13, 2003 03:10:25 PM -0600 Tom <duffer@usa.net>
wrote:
> I want to DENY access to port 5190 for all but two computers on my network
>
> DROP lan wan tcp 5190
> Accept lan:192.168.1.48  wan tcp 5190
> Accept lan:192.168.1.47  wan tcp 5190
>
> Will this work?  If not, what is the correct way to do it?
>
That will work if you place the DROP rule after the two accept rules (and 
be sure to spell it ACCEPT). Shorewall rules are ALWAYS executed in the 
order that you list them so the way that you have them listed will deny 
access to all internal systems including the two whose IP addresses you 
list.
I would also use a REJECT rule rather than a DROP rule -- it's a little
more friendly for internal clients.
-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
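
The ordering point in the reply above, as an added example that is not part of the original thread and is not Shorewall code: a small first-match model that evaluates the rules as posted (with ACCEPT spelled as the reply advises) and the reordered set with REJECT last. The host 192.168.1.50, the `POLICY` fall-through label and the function names are assumptions made for illustration.

```python
import ipaddress

# Column order as used in the thread: ACTION SOURCE DEST PROTO PORT.
AS_POSTED = """\
DROP   lan               wan tcp 5190
ACCEPT lan:192.168.1.48  wan tcp 5190
ACCEPT lan:192.168.1.47  wan tcp 5190
"""
REORDERED = """\
ACCEPT lan:192.168.1.48  wan tcp 5190
ACCEPT lan:192.168.1.47  wan tcp 5190
REJECT lan               wan tcp 5190
"""

def parse(text):
    """Turn rule lines into tuples, keeping the order they were listed in."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, src, dst, proto, port = line.split()
        zone, _, host = src.partition(":")          # "lan:1.2.3.4" -> zone, host
        net = ipaddress.ip_network(host) if host else None
        rules.append((action.upper(), zone, net, dst, proto, int(port)))
    return rules

def verdict(rules, src_zone, src_ip, dst_zone, proto, port):
    """Return the action of the first rule that matches; later rules are never reached."""
    ip = ipaddress.ip_address(src_ip)
    for action, zone, net, dst, r_proto, r_port in rules:
        if (zone, dst, r_proto, r_port) != (src_zone, dst_zone, proto, port):
            continue
        if net is not None and ip not in net:
            continue
        return action
    return "POLICY"  # assumption: no rule matched, so the zone policy would decide

def audit(text, hosts):
    """Map each lan host to the verdict for an outbound tcp/5190 connection."""
    rules = parse(text)
    return {h: verdict(rules, "lan", h, "wan", "tcp", 5190) for h in hosts}

if __name__ == "__main__":
    hosts = ["192.168.1.47", "192.168.1.48", "192.168.1.50"]  # .50 is constructed
    print("as posted:", audit(AS_POSTED, hosts))
    print("reordered:", audit(REORDERED, hosts))
```

Running the same check against a real rules file before reloading the firewall catches a broad deny that shadows the narrower allow rules listed after it.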