Can any one help me to white-list a few machines on a local net? Thanks. ~Andrew.
On Wed, 25 Feb 2004, andrew wrote:

> Can any one help me to white-list a few machines on a local net?

From the Shorewall Home page, go to Documentation->White List Creation

If there is something there that you don't understand, please ask specific questions.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
How can I white list machines in the LAN without subnetting the LAN.
For example when I try to add machines in the "OPS" host zone, it seems to accept only subnets or single machines.
A comma separated list does not work.

Thank you.
~Andrew.

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Experienced Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Wednesday, February 25, 2004 10:56 PM
Subject: Re: [Shorewall-users] Whitelist

> On Wed, 25 Feb 2004, andrew wrote:
>
> > Can any one help me to white-list a few machines on a local net?
>
> From the Shorewall Home page, go to Documentation->White List Creation
>
> If there is something there that you don't understand, please ask specific
> questions.
>
> -Tom
> --
> Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
On Thu, 26 Feb 2004, Andrew N. wrote:

> How can I white list machines in the LAN without subnetting the LAN.
> For example when I try to add machines in the "OPS" host zone, it seems to
> accept only subnets or single machines.
> A comma separated list does not work.

If anyone on the list can understand what Andrew just wrote, please respond to him.

-Tom
LAN 10.0.0.0
Firewall/gateway: 10.0.0.254
Hosts: 10.0.0.50-10.0.0.150
Need to white list 10.0.0.54,10.0.0.121,10.0.0.96.
How?

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Experienced Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Thursday, February 26, 2004 9:42 PM
Subject: Re: [Shorewall-users] Whitelist

> On Thu, 26 Feb 2004, Andrew N. wrote:
>
> > How can I white list machines in the LAN without subnetting the LAN.
> > For example when I try to add machines in the "OPS" host zone, it seems to
> > accept only subnets or single machines.
> > A comma separated list does not work.
>
> If anyone on the list can understand what Andrew just wrote, please
> respond to him.
>
> -Tom
----- Original Message -----
From: "Andrew N."

> LAN 10.0.0.0
> Firewall/gateway: 10.0.0.254
> Hosts: 10.0.0.50-10.0.0.150
> Need to white list 10.0.0.54,10.0.0.121,10.0.0.96.

Hey Andrew,

Do you mean you want 10.0.0.54,10.0.0.121,10.0.0.96 IPs to have full access on all ports to the internet and all others to have restrictive access/limited port access? I don't really understand what you mean when you say "whitelist" in regards to firewalling?

Thanks,
Joshua Banks
----- Original Message -----
From: "Andrew N."

> LAN 10.0.0.0
> Firewall/gateway: 10.0.0.254
> Hosts: 10.0.0.50-10.0.0.150
> Need to white list 10.0.0.54,10.0.0.121,10.0.0.96.
> How?

Ahhhh. I see what you're doing..
http://shorewall.net/2.0/whitelisting_under_shorewall.htm

Unfortunately this looks as though you'll need to subnet your 10.x.x.x/x network. I'm looking. So I'll respond back if I find anything.

Joshua Banks
Thanks Joshua. In the mean time I will try subnetting. Should be a walk in the park.

~Andrew.

----- Original Message -----
From: "Joshua Banks" <syn_ack@comcast.net>
To: "Mailing List for Experienced Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Thursday, February 26, 2004 11:06 PM
Subject: Re: [Shorewall-users] Whitelist

> ----- Original Message -----
> From: "Andrew N."
> > LAN 10.0.0.0
> > Firewall/gateway: 10.0.0.254
> > Hosts: 10.0.0.50-10.0.0.150
> > Need to white list 10.0.0.54,10.0.0.121,10.0.0.96.
> > How?
>
> Ahhhh. I see what you're doing..
> http://shorewall.net/2.0/whitelisting_under_shorewall.htm
>
> Unfortunately this looks as though you'll need to subnet your 10.x.x.x/x
> network. I'm looking. So I'll respond back if I find anything.
>
> Joshua Banks
----- Original Message -----
From: "Joshua Banks"

> Ahhhh. I see what you're doing..
> http://shorewall.net/2.0/whitelisting_under_shorewall.htm
>
> Unfortunately this looks as though you'll need to subnet your 10.x.x.x/x
> network. I'm looking. So I'll respond back if I find anything.

The only way to do what I think you're doing is by subnetting as the example states in the link above.

Does anyone else know of a different way to white-list other than what's specified in Tom's example?

The only time that I've done something similar was putting all Windows machines in a DMZ zone. Of course these were on a different subnet and network interfaces altogether though. I don't have a lot of experience in needing to do white-listing..

Anyone.. Anyone.. ??
----- Original Message -----
From: "Andrew N."

> Thanks Joshua. In the mean time I will try subnetting. Should be a walk in
> the park.

No problem Andrew. Let me know if you need any help. I'll be in and out tonight.

Joshua Banks
> How can I white list machines in the LAN without subnetting the LAN.
> For example when I try to add machines in the "OPS" host zone, it seems to
> accept only subnets or single machines.
> A comma separated list does not work.
>
> Thank you.

Ok, you're talking in the hosts file, right? Sounds like you have a version prior to 1.4.6 if it will not accept the list on one line.

http://shorewall.net/Documentation.htm#hosts

You can have the same zone listed more than once, you just have to make the host part different for each one.

    #ZONE   HOST(S)             OPTIONS
    OPS     eth0:10.0.0.54
    OPS     eth0:10.0.0.96
    OPS     eth0:10.0.0.121
    loc     eth0:10.0.0.0/24

You could have other gotchas hiding in your config files, like the order in the policy, zone files. Please post the requested info from the troubleshooting guide. Makes for less guesswork.

Jerry Vonau
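Jerry's reply above mentions ordering gotchas in the zones and policy files. As an added example (not part of the original thread and not Shorewall code), this Python checker parses a hosts file in the format he posted, including the comma-separated form, and reports whitelisted hosts that are covered by a broader zone listed earlier in the zones file. It assumes zones are matched in the order they appear in the zones file; the file contents below are constructed.

```python
import ipaddress

# Constructed sample files (assumption: modelled on the hosts entries in the thread).
ZONES = """\
#ZONE  DISPLAY  COMMENTS
loc    Local    Local network
OPS    Ops      Whitelisted machines
net    Net      Internet
"""
HOSTS = """\
#ZONE  HOST(S)                    OPTIONS
OPS    eth0:10.0.0.54
OPS    eth0:10.0.0.96,10.0.0.121
loc    eth0:10.0.0.0/24
"""

def _rows(text):
    """Yield whitespace-split columns of non-blank, non-comment lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def zone_order(zones_text):
    """Zone names in the order they are declared."""
    return [cols[0] for cols in _rows(zones_text)]

def parse_hosts(hosts_text):
    """Return (zone, interface, network) tuples; comma lists are expanded."""
    out = []
    for cols in _rows(hosts_text):
        zone, (iface, _, addrs) = cols[0], cols[1].partition(":")
        for addr in addrs.split(","):
            out.append((zone, iface, ipaddress.ip_network(addr, strict=False)))
    return out

def shadowed(zones_text, hosts_text):
    """Entries whose addresses fall inside a different zone declared earlier."""
    rank = {z: i for i, z in enumerate(zone_order(zones_text))}
    last = len(rank)  # zones missing from the zones file sort last
    entries = parse_hosts(hosts_text)
    hits = []
    for zone, iface, net in entries:
        for ozone, oiface, onet in entries:
            if (ozone != zone and oiface == iface and net.subnet_of(onet)
                    and rank.get(ozone, last) < rank.get(zone, last)):
                hits.append((zone, str(net), ozone))
    return hits
```

With the constructed zones file above, `shadowed(ZONES, HOSTS)` flags all three OPS hosts as covered by `loc`; declaring `OPS` before `loc` clears the report.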