Hi all,
I am trying to get ipsets to work,
however I seem to have come across a problem I don't quite understand.
I want friend nets (white zone) to be able to log into the firewall,
and I am using ipsets for this.
I went through the ipsets Shorewall howto page,
but it doesn't seem to work properly.
I've tried both
wildcards on interfaces:
- eth0 .....
- eth1 .....
and in hosts:
net eth0:0.0.0.0/0
net eth1:0.0.0.0/0
and without wildcards:
interfaces:
net eth0 ....
net eth1 ....
Common in both cases were the
zones file:
white ipv4
and hosts:
white eth0:+whitehosts,+whitenets
white eth1:+whitehosts,+whitenets
shorewall dump shows that in the eth0_in chain
the white2fw rules get inserted below the net2fw rule.
My policy rule is
net fw drop
--------------------------------------------------------------------------------
 pkts bytes target   prot opt in  out  source      destination
   43  3972 dynamic  all  --  *   *    0.0.0.0/0   0.0.0.0/0   state INVALID,NEW
   43  3972 smurfs   all  --  *   *    0.0.0.0/0   0.0.0.0/0   state INVALID,NEW
   19   912 tcpflags tcp  --  *   *    0.0.0.0/0   0.0.0.0/0
  133 11532 net2fw   all  --  *   *    0.0.0.0/0   0.0.0.0/0
    0     0 white2fw all  --  *   *    0.0.0.0/0   0.0.0.0/0   set whitehosts src
    0     0 white2fw all  --  *   *    0.0.0.0/0   0.0.0.0/0   set whitenets src
--------------------------------------------------------------------------------
I manually did
iptables -I eth0_in -m set --set whitehosts src -j white2fw
iptables -I eth0_in -m set --set whitenets src -j white2fw
that is, inserting at the top of the chain ..... and it all worked :-\ ........
I am including my shorewall.dump file.
Thanks in Advance
Harry.
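The ordering problem Harry describes, as an added configuration example that is not part of the post and not taken from the Shorewall documentation: the dump shows Shorewall emitting net2fw ahead of white2fw in eth0_in, which is what you would expect if it treated net and white as two unrelated zones on the same interface. Shorewall orders a child zone's rules ahead of its parent's, and it can work that nesting out from CIDR host lists but not from the contents of an ipset, so the assumption here is that declaring white explicitly as a child of net in /etc/shorewall/zones (the child:parent syntax from shorewall-zones(5)) produces the same rule order Harry got by hand with iptables -I. The zone, set and interface names come from the post; the three-column interfaces layout, the ACCEPT policy and the ssh rule are my assumptions about what "log into the firewall" needs and should be adjusted to the Shorewall version in use.

```text
# /etc/shorewall/zones
#ZONE        TYPE        OPTIONS
fw           firewall
net          ipv4
white:net    ipv4        # assumption: declared as a child of net so white2fw is matched before net2fw

# /etc/shorewall/interfaces  (assumption: older three-column layout with a BROADCAST column)
#ZONE        INTERFACE   BROADCAST   OPTIONS
net          eth0        detect
net          eth1        detect

# /etc/shorewall/hosts  (white is carved out of net via the two ipsets, as in the post)
#ZONE        HOST(S)                        OPTIONS
white        eth0:+whitehosts,+whitenets
white        eth1:+whitehosts,+whitenets

# /etc/shorewall/policy  (assumption: white may reach the firewall, everything else from net is dropped)
#SOURCE      DEST        POLICY      LOG LEVEL
white        fw          ACCEPT
net          fw          DROP        info

# /etc/shorewall/rules  (assumption: "log into the firewall" means ssh; narrow this to what is actually needed)
#ACTION      SOURCE      DEST        PROTO       DEST PORT(S)
ACCEPT       white       fw          tcp         22
```

After `shorewall restart`, `shorewall dump` (or `iptables -nvL eth0_in`) should list the two `white2fw ... set whitehosts src` / `set whitenets src` rules above `net2fw`; if they are still below it, the nesting declaration is not being honoured by the installed version and the zone order in the dump is the thing to re-check.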