thr3ads.net - Shorewall users - REJECT for all with 2 exceptions [Jan 2009]

If this information is useful, please help other people find it:
Share via:

Grant

2009-Jan-22 19:02 UTC

REJECT for all with 2 exceptions

I''m trying to REJECT all traffic from the net to my system with 2
exceptions.  I''d like to DROP traffic coming into port 99 and ACCEPT
traffic coming into port 99 if it comes from a certain IP address.

policy:
net all REJECT info

rules:
DROP net $FW tcp 99
DROP net $FW udp 99
ACCEPT net:1.2.3.4 $FW tcp 99
ACCEPT net:1.2.3.4 $FW udp 99

This ends up dropping all traffic to port 99 regardless of originating
IP address.  Can I do what I described?

- Grant

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword

Shorewall Guy

2009-Jan-22 19:21 UTC

head link

Re: REJECT for all with 2 exceptions

Grant wrote:> I''m trying to REJECT all traffic from the net to my system with 2
> exceptions.  I''d like to DROP traffic coming into port 99 and
ACCEPT
> traffic coming into port 99 if it comes from a certain IP address.
> 
> policy:
> net all REJECT info
> 
> rules:
> DROP net $FW tcp 99
> DROP net $FW udp 99
> ACCEPT net:1.2.3.4 $FW tcp 99
> ACCEPT net:1.2.3.4 $FW udp 99
> 
> This ends up dropping all traffic to port 99 regardless of originating
> IP address.  Can I do what I described?
Put the rules in the order in which you want them applied.

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword

Grant

2009-Jan-22 19:56 UTC

head link

Re: REJECT for all with 2 exceptions

>> I''m trying to REJECT all traffic from the net to my system
with 2
>> exceptions.  I''d like to DROP traffic coming into port 99 and
ACCEPT
>> traffic coming into port 99 if it comes from a certain IP address.
>>
>> policy:
>> net all REJECT info
>>
>> rules:
>> DROP net $FW tcp 99
>> DROP net $FW udp 99
>> ACCEPT net:1.2.3.4 $FW tcp 99
>> ACCEPT net:1.2.3.4 $FW udp 99
>>
>> This ends up dropping all traffic to port 99 regardless of originating
>> IP address.  Can I do what I described?
>
> Put the rules in the order in which you want them applied.
Fixed, thank you!

- Grant

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword

Shorewall users - Jan 2009 - REJECT for all with 2 exceptions

REJECT for all with 2 exceptions

Re: REJECT for all with 2 exceptions

Re: REJECT for all with 2 exceptions