Hello Jim

I don't know if it is possible to do that kind of filter with shorewall, but
by hand you can ACCEPT those packets to the specified ports only if they
come from one specified network interface (here you can put your 'private' one -
normally eth0).

for example:

$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -j ACCEPT

where IPTABLES="/usr/sbin/iptables" and $LAN_IFACE is our incoming interface
(private one)

This rule accepts all packets from all the protocols from interface
$LAN_IFACE

For more info please read the Iptables Tutorial by Oskar Andreasson @
http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html

bye

----- Original Message -----
From: "Jim C" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 24, 2003 10:52 PM
Subject: [expert] Firewalls - iptables


> I have a problem not just with shorewall but with every Linux firewall
> I've ever come across, including gShield.
>
> I need to enable say 4 or 5 specific ports on my internal network but I
> do *NOT* want them available to the net.  The ports in question are the
> LDAP / Samba ports which are used for authentication.  We can assume
> that shorewall has the ports closed on all interfaces.  I've found that
> if I specify them in the "Advanced" box, that shorewall throws them open
> to the world which is definitely unacceptable behaviour.  My questions
> then are as follows:
>
> 1. Is there a way to specify origin on the Advanced line such that I
> could say that if a packet arrives for this port on this interface, then
> drop/reject whatever?
>
> 2. Alternatively, is there a way to write a simple iptables rule that
> supersedes all others and is preferably interface specific?  What might
> the syntax for this be?  I see no reason to spend a day or so studying
> iptables just to figure out how to write 1 line, if such were possible.
>
>
>
> Jim C.
>
>
>
>
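
Added example, not part of either message above: a shell script that narrows the reply's interface-based ACCEPT to specific ports and drops the same ports on every other interface. The port list (the standard LDAP and Samba ports), the eth0 default and the function name `lan_only_rules` are assumptions; the script only prints the iptables commands and applies nothing.

```shell
#!/bin/sh
# Constructed example; prints iptables commands, applies nothing.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"  # path from the reply above
LAN_IFACE="${LAN_IFACE:-eth0}"              # private interface (assumed eth0)

# Assumed port list (not given in the thread): LDAP 389, LDAPS 636,
# NetBIOS name/datagram 137-138 udp, SMB 139 and 445 tcp.
AUTH_PORTS="tcp:389 tcp:636 udp:137 udp:138 tcp:139 tcp:445"

# lan_only_rules IFACE PROTO:PORT...
# For each port, print an ACCEPT for traffic arriving on IFACE and a DROP
# for the same port arriving on any other interface. -I inserts at the top
# of INPUT, so these match before rules a firewall tool appended earlier.
# Note: "! -i IFACE" also matches lo; local clients that reach these
# ports over loopback need their own ACCEPT rule.
lan_only_rules() {
    iface=$1
    shift
    # Reject anything that is not a plain interface name, since the
    # output is meant to be fed to a shell.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec##*:}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in: $spec" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in: $spec" >&2; return 1
        fi
        echo "$IPTABLES -I INPUT -i $iface -p $proto --dport $port -j ACCEPT"
        echo "$IPTABLES -I INPUT ! -i $iface -p $proto --dport $port -j DROP"
    done
}

# Word splitting of $AUTH_PORTS is intentional here.
lan_only_rules "$LAN_IFACE" $AUTH_PORTS
```

Review the printed rules first; to apply them, pipe the output to `sh` as root.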
