Shorewall users - Mar 2004 - Re: REDIRECT after ACCEPT

On Wednesday 03 March 2004 03:57 pm, Dominik Strnad
wrote:
> Thank you for right syntax.
> But I am realy sad. :-( let me suppose that I am using 192.168.0.0/16
> network and just few Ips are permited and due to this I have to list so
> many
> Subnets and / or hosts to redirect these which are not permited...
Sorry

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Wednesday 03 March 2004 04:00 pm, Tom Eastep wrote:
> On Wednesday 03 March 2004 03:57 pm, Dominik Strnad wrote:
> > Thank you for right syntax.
> > But I am realy sad. :-( let me suppose that I am using 192.168.0.0/16
> > network and just few Ips are permited and due to this I have to list
so
> > many
> > Subnets and / or hosts to redirect these which are not permited...
>
> Sorry
The only other thing that I can think of is:

In /etc/shorewall/rules:

REDIRECT	unh	80	tcp	...

In /etc/shorewall/start:

for address in <list of addresses that don''t get redirected>; do
   run_iptables -t nat -I unh_dnat -s $address -p tcp --dport 80 -j RETURN
done

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net