Shorewall users - May 2003 - more than one ip in a subzone/hosts

Hi,
maybe someone can help me simply via email for a particular question:

The doku of shorewall says:

HOST(S) - The name of a network interface followed by a colon (":")
followed by either:
             1. An IP address (example - eth1:192.168.1.3)
             2. A subnet in CIDR notation (example -
                eth2:192.168.2.0/24)	

What if I like to have more than 1 host on eth1: but not a whole subnet.

What I want to do is:

use a zone called loc-trust with IPs from 192.168.0.10-20
and a zone called loc-untrust with IPs from 192.168.0.21-100

to provide different rules for different users.

Any help will be appreciated a lot

Regards

Andy

On 24 May 2003 23:03:25 +0200, NDEE <ndee@softhome.net> wrote:
> Hi,
> maybe someone can help me simply via email for a particular question:
>
> The doku of shorewall says:
>
> HOST(S) - The name of a network interface followed by a colon
(":")
> followed by either:
> 1. An IP address (example - eth1:192.168.1.3)
> 2. A subnet in CIDR notation (example -
> eth2:192.168.2.0/24)
>
> What if I like to have more than 1 host on eth1: but not a whole subnet.
>
> What I want to do is:
>
> use a zone called loc-trust with IPs from 192.168.0.10-20
> and a zone called loc-untrust with IPs from 192.168.0.21-100
Zone names can only be 5 bytes long (and as Tuomo Soini points out, they 
may only be 4 bytes long in 1.4.4).
>
> to provide different rules for different users.
>
> Any help will be appreciated a lot
>
Use multiple records in the hosts file to define each zone:

loct	192.168.0.0/28
loct	192.168.0.16/30
loct	192.168.0.20

locu	...

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net