> I have installed pmfirewall onto my box, with problems (i.e. it doesn't
> support virtual IPs or multiple domains),
> so unless you go to my static IP, you can access nothing, all the domains
> get cut off.

Can you use name-based virtual hosts? This would eliminate the need for
dummy IPs.

> so my problem, I need to replicate my static IP rules for all the virtual
> IPs of ppp0.

This is actually a bit more complicated than you might think. There are
quite a few rules generated and they're spread across several files. It
would not be too hard if you understand ipchains rules and shell scripting
fairly well but you might as well write your own scripts if that's the case.

Warning: I have not tested this, but I have wondered if I could install a
copy of PMfirewall for each set of IPs being firewalled/masqueraded. This
would require me to:

a - manually enter the devices and IPs during the PMfirewall scripts
b - keep the config files in separate locations
c - run the scripts manually or edit the System V scripts so each
    configuration is run
d - maybe edit a rule or two from each configuration if some sort of global
    restriction is applied

This is not a pretty solution but it's quick and easy.

> it seems silly that this was not built into pmfirewall from scratch, it's
> such a basic thing.

It appears basic but think of the config file explosion that would take
place. Now think of the complexity of the questions that the script would
have to ask. You're talking about an order of magnitude increase in
complexity.

I hope this helps.

Cheers,
Scott Patten