-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Susan McConnell wrote:> I am looking at using Shorewall in a local college. There will be a
default> set of firewall rules, but for some lessons certain classrooms will be
> granted full Internet access (this will be done by the lecturer via a web
> interface). I am seeking suggestions for the best way to implement this
> under Shorewall. I think it might make sense to make each classroom a
> separate zone, but is there a dynamic Shorewall command to say "apply
the
> following rules for zone X now"? It''s easy enough with raw
iptables
> commands, but I''m loath to do that.
Define a dynamic zone that is allowed internet access. You can then
simply add the class systems to that zone via the "shorewall add"
command. Note that in Shorewall 2.1.10, you can add a range of IP
addresses -- in earlier versions, you can only add a network (expressed
in CIDR notation).
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBZAM2O/MAbZfjDLIRAuQnAJ4pV1Dxp64bKACX/H+z5boaccSKQQCaA1WG
CgHddGErrA7IDLjlTDrqH/4=G2P3
-----END PGP SIGNATURE-----