Hi, this is what I would do! Keep your policy very simple:

/etc/shorewall/policy

loc     net     ACCEPT
all     all     REJECT

and specify what can come through in the rules file. Here you add this:

#ACTION  SOURCE             DEST             PROTO  DEST  SOURCE
#                                                   PORT  PORT
ACCEPT   net:121.121.12.11  loc:192.168.1.2  -      -     511

I hope this helped you!

Grtz,
Tom

Quoting Arpan Jindal <[EMAIL PROTECTED]>:

> Hi all,
>
> I have installed Shorewall on a Linux machine. The Shorewall machine has 2
> LAN cards, one having the public IP (121.121.12.12) and the other having
> the local LAN IP (192.168.1.1). The input for the public IP (121.121.12.12)
> is coming from a Cisco router having IP address 121.121.12.11. There is one
> more machine in the local LAN, with Nagios running on it and with IP
> 192.168.1.2.
>
> The issue I am facing is which rule to set in Shorewall so that Shorewall
> only allows traffic from the router (121.121.12.11) with port 511 to go to
> 192.168.1.2.
>
> But I want to make sure that the port is not open for all the rest.
>
> Thanks

-------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
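
Added example, not part of the original thread and not Shorewall's own parser: a small check that maps each field of a rules row onto the column header quoted above and reports where the port and the source restriction actually land. The finding names, the function names and the "tcp" protocol in the constructed sample rows are assumptions; the thread never names the protocol.

```python
# Added example: a column check for Shorewall rules rows. Not Shorewall's own parser.
COLUMNS = ["ACTION", "SOURCE", "DEST", "PROTO", "DPORT", "SPORT"]

def parse_rule(line):
    """Map whitespace-separated fields onto the header columns, padding with '-'."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None  # blank line or comment
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields))

def lint_rule(rule, port):
    """Return finding codes for a rule meant to admit one host to one service port."""
    findings = []
    has_port = rule["DPORT"] != "-" or rule["SPORT"] != "-"
    if has_port and rule["PROTO"] == "-":
        # Port matches only exist for protocols that carry ports (tcp, udp, ...).
        findings.append("port-without-proto")
    if port in rule["SPORT"].split(",") and port not in rule["DPORT"].split(","):
        # SPORT matches the sender's port; a listening service port belongs in DPORT.
        findings.append("port-only-in-sport")
    if ":" not in rule["SOURCE"]:
        # A bare zone name admits every host in that zone, not one address.
        findings.append("source-not-pinned")
    return findings

# Constructed sample rows. The first is the row from the thread; "tcp" in the
# others is an assumption, since the thread never names the protocol.
SAMPLES = {
    "thread": "ACCEPT net:121.121.12.11 loc:192.168.1.2 - - 511",
    "dport":  "ACCEPT net:121.121.12.11 loc:192.168.1.2 tcp 511",
    "zone":   "ACCEPT net loc:192.168.1.2 tcp 511",
}

def check_samples(port="511"):
    return {name: lint_rule(parse_rule(row), port) for name, row in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in check_samples().items():
        print(f"{name:7} {findings or 'ok'}")
```

Whether 511 belongs in the DEST PORT or the SOURCE PORT column depends on whether it is the port the service on 192.168.1.2 listens on or the port the router sends from; the check only shows which of the two a given row expresses.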
