Colin Viebrock
2003-Aug-29 11:10 UTC
[Shorewall-users] how to Deny access from the loc to the net zone -
I assume you have in your policy file

    loc net ACCEPT

Can't you just add entries to your rules file like so?

    DROP loc:192.168.1.x net all -

- Colin
Joshua Banks
2003-Aug-29 22:42 UTC
[Shorewall-users] how to Deny access from the loc to the net zone -
--- Colin Viebrock <colin@easydns.com> wrote:
> I assume you have in your policy file
>
> loc net ACCEPT
>
> Can't you just add entries to your rules file like so?
>
> DROP loc:192.168.1.x net all -
>
> - Colin

Or if you're using a host range...and all hosts fall one after the other that you want to deny access...

    ACCEPT loc:!192.168.1.1-192.168.1.25 net all -

I think that this will allow everything else on the 192.168.1.x network except .1 through .25...I haven't tried this yet because I only have one host behind my shorewall setup. But I think that this would work. Tom?

Tom, could configuring the "hosts" file work if configured correctly for what he's trying to do?

JBanks
Harry Lachanas
2003-Sep-01 03:57 UTC
[Shorewall-users] RE:how to Deny access from the loc to the net zone -
I feel the need to express my obligation to you all by e-mailing you a simple "Thanks a lot". Your hint was quite helpful.

Actually what I did was change the default rule

    loc net ACCEPT

to

    loc net DROP or REJECT

and added a variable $YES_NET_IPS in the params file, then added a line in rules

    ACCEPT loc:$YES_NET_IPS net all -

So far it works OK. For some reason the not (!) did not work in the rules file.

    DROP or REJECT loc:!$YES_NET_IPS net all -

had troubles.......

Special thanks to Colin at easydns.

Best regards.