I am happily using Shorewall with LEAF-Bering at home and on Mandrake in my classroom. I have it doing what I need it to, but am looking for a cleaner syntax. I have it set up to firewall all the systems in the room from the rest of the network. I also have a cron job that shuts off access from the student machines during the time that I lecture. (It's hard to compete with the Internet.) To do this I run a script that has:

    /sbin/shorewall drop 192.168.1.1
    /sbin/shorewall drop 192.168.1.2
    ...

and another that reopens the gateway when it is time for labs (allow instead of drop). The policy file has

    ACCEPT loc net

I have two things I would like to do:
1) have a single line that would be something like
   /sbin/shorewall drop 192.168.1.1-192.168.1.15
2) get the students access only to port 80 through the gateway but leave full access for my instructor machines.

Any suggestions will be appreciated.

JamesS

On Tue, 1 Apr 2003, JamesSturdevant wrote:

> I have two things I would like to do:
> 1) have a single line that would be something like
> /sbin/shorewall drop 192.168.1.1-192.168.1.15
> 2) get the students access only to port 80 through the gateway but leave
> full access for my instructor machines.
>
> Any suggestions will be appreciated.

Using the hosts file, define two zones -- one for students and one for you. Normally allow both you and the students access to the net. Create an alternate configuration that does not allow students access to the net. When you want to deny student access, restart shorewall using the alternate configuration. When you want to give them net access, restart shorewall with the normal configuration.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
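
The two configurations described in the reply above, written out as an added example that is not part of the original thread. The interface name `eth1`, the zone names `stu` and `ins`, the student subnet `192.168.1.0/28` (covering .1 through .15), the instructor address `192.168.1.200`, the directory layout and the Shorewall 1.x `-c <directory>` option are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: classroom interface eth1,
# students in 192.168.1.0/28, instructor at 192.168.1.200, zone names stu/ins.
# The interfaces file (not written here) is assumed to list eth1 with zone "-"
# so that zone membership comes from the hosts file.

# write_configs BASE: create BASE/normal (labs) and BASE/lecture.
write_configs() {
    base=$1
    mkdir -p "$base/normal" "$base/lecture" || return 1
    for d in normal lecture; do    # files common to both configurations
        cat > "$base/$d/zones" <<'EOF'
#ZONE  DISPLAY     COMMENTS
net    Net         Internet
stu    Students    Student machines
ins    Instructor  Instructor machines
EOF
        cat > "$base/$d/hosts" <<'EOF'
#ZONE  HOST(S)
stu    eth1:192.168.1.0/28
ins    eth1:192.168.1.200
EOF
        cat > "$base/$d/policy" <<'EOF'
#SOURCE  DEST  POLICY  LOG LEVEL
ins      net   ACCEPT
stu      net   REJECT
net      all   DROP    info
all      all   REJECT  info
EOF
    done
    # Labs: students reach the net on TCP port 80 only.
    cat > "$base/normal/rules" <<'EOF'
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT   stu     net   tcp    80
EOF
    # Lecture: no stu rule, so the stu->net REJECT policy applies.
    cat > "$base/lecture/rules" <<'EOF'
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
EOF
}

# switch_command MODE BASE: print the restart command a cron job would run.
# Assumes the "-c <directory>" option of Shorewall 1.x.
switch_command() {
    case $1 in
        lab)     echo "/sbin/shorewall -c $2/normal restart" ;;
        lecture) echo "/sbin/shorewall -c $2/lecture restart" ;;
        *)       return 1 ;;
    esac
}
```

Because the instructor zone has an ACCEPT policy in both directories, only the student zone changes between lecture and lab time, and the per-address `drop`/`allow` loop is no longer needed.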