Marco Salimu
2009-Oct-23 08:52 UTC
[Fwd: Re: Ref: Block local net to access internet but access DMZ webserver]
Thank You Tom, The soln you provided is working but what if i want to REJECT a network not a host ip.?> Good point Tom, Thanks > > On 10/18/09, Tom Eastep <teastep@shorewall.net> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Red Baron wrote: >>> Without your configs, this wont be exact, bu assuming your zones are >>> named as you said, add this to your rules >>> >>> >>> DROP local:<host ip> net >> >> It is a bit friendlier to your users to use REJECT rather than DROP for >> outgoing rules. >> >> - -Tom >> - -- >> Tom Eastep \ When I die, I want to go like my Grandfather who >> Shoreline, \ died peacefully in his sleep. Not screaming like >> Washington, USA \ all of the passengers in his car >> http://shorewall.net \________________________________________________ >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iEYEARECAAYFAkrbXmIACgkQO/MAbZfjDLIEZQCfbgHfN7fvQmwTlvqnaaNxjMxU >> F98An3VPmmWgJMGyax+vNPNa7oG6dEgU >> =8HL0 >> -----END PGP SIGNATURE----- >> >> ------------------------------------------------------------------------------ >> Come build with us! The BlackBerry(R) Developer Conference in SF, CA >> is the only developer event you need to attend this year. Jumpstart your >> developing skills, take BlackBerry mobile applications to market and >> stay >> ahead of the curve. Join us from November 9 - 12, 2009. Register now! >> http://p.sf.net/sfu/devconference >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> > > -- > Sent from my mobile device > > >-- with rgds Marco Salimu IT Manager [ P.o. Box 1546] Mob: +255 784 370294 Mob: +255 715 370294 Tel: +255 27 8218 Fax: +255 27 8273 Email: ******************************* marco@seda.or.tz smarcos2001@yahoo.com smarcos2001@hotmail.com marco_salim@wvi.org Marco.magnus@gmail.com ******************************** -- with rgds Marco Salimu IT Manager [ P.o. Box 1546] Mob: +255 784 370294 Mob: +255 715 370294 Tel: +255 27 8218 Fax: +255 27 8273 Email: ******************************* marco@seda.or.tz smarcos2001@yahoo.com smarcos2001@hotmail.com marco_salim@wvi.org Marco.magnus@gmail.com ******************************** ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
Tom Eastep
2009-Oct-23 14:28 UTC
Re: [Fwd: Re: Ref: Block local net to access internet but access DMZ webserver]
Marco Salimu wrote:> Thank You Tom, > > The soln you provided is working but what if i want to REJECT a network > not a host ip.?Replace the host ip with the network in CIDR format (e.g., 192.168.1.32/27). See http://www.shorewall.net/configuration_file_basics.htm#SOURCE-DEST -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference