Shorewall users - Oct 2009 - Ref: Block local net to access internet but access DMZ webserver

Hi, hope this email finds you well

I have one scenario, i want to Block local zone or some machine in local
zone to access internet/net zone but have to access DMZ web server. how do
i go about it

pls help

NOTE:
I have a setup of three interface/zone

-- 
with rgds

Marco Salimu
IT Manager
[ P.o. Box 1546]
Mob: +255 784 370294
Mob: +255 715 370294
Tel: +255 27 8218
Fax: +255 27 8273
Email:
*******************************
marco@seda.or.tz
smarcos2001@yahoo.com
smarcos2001@hotmail.com
marco_salim@wvi.org
Marco.magnus@gmail.com
********************************


------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference

Without your configs, this wont be exact, bu assuming your zones are
named as you said, add this to your rules


DROP local:<host ip> net



On 10/18/09, Marco Salimu <marco@seda.or.tz>
wrote:
>
> Hi, hope this email finds you well
>
> I have one scenario, i want to Block local zone or some machine in local
> zone to access internet/net zone but have to access DMZ web server. how do
> i go about it
>
> pls help
>
> NOTE:
> I have a setup of three interface/zone
>
> --
> with rgds
>
> Marco Salimu
> IT Manager
> [ P.o. Box 1546]
> Mob: +255 784 370294
> Mob: +255 715 370294
> Tel: +255 27 8218
> Fax: +255 27 8273
> Email:
> *******************************
> marco@seda.or.tz
> smarcos2001@yahoo.com
> smarcos2001@hotmail.com
> marco_salim@wvi.org
> Marco.magnus@gmail.com
> ********************************
>
>
>
------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
-- 
Sent from my mobile device

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Baron wrote:
> Without your configs, this wont be exact, bu assuming your zones are
> named as you said, add this to your rules
> 
> 
> DROP local:<host ip> net
It is a bit friendlier to your users to use REJECT rather than DROP for
outgoing rules.

- -Tom
- --
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrbXmIACgkQO/MAbZfjDLIEZQCfbgHfN7fvQmwTlvqnaaNxjMxU
F98An3VPmmWgJMGyax+vNPNa7oG6dEgU
=8HL0
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference

Good point Tom, Thanks

On 10/18/09, Tom Eastep <teastep@shorewall.net>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Red Baron wrote:
>> Without your configs, this wont be exact, bu assuming your zones are
>> named as you said, add this to your rules
>>
>>
>> DROP local:<host ip> net
>
> It is a bit friendlier to your users to use REJECT rather than DROP for
> outgoing rules.
>
> - -Tom
> - --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkrbXmIACgkQO/MAbZfjDLIEZQCfbgHfN7fvQmwTlvqnaaNxjMxU
> F98An3VPmmWgJMGyax+vNPNa7oG6dEgU
> =8HL0
> -----END PGP SIGNATURE-----
>
>
------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
-- 
Sent from my mobile device

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference