On Friday 24 January 2003 05:52 pm, Jim C wrote:
> I have a problem not just with shorewall but with every Linux firewall
> I've ever come across, including gShield.
>
> I need to enable say 4 or 5 specific ports on my internal network but I
> do *NOT* want them available to the net. The ports in question are the
> LDAP / Samba ports which are used for authentication. We can assume
> that shorewall has the ports closed on all interfaces. I've found that
> if I specify them in the "Advanced" box, that shorewall throws them open
> to the world which is definitely unacceptable behaviour. My questions
> then are as follows:
>
> 1. Is there a way to specify origin on the Advanced line such that I
> could say that if a packet arrives for this port on this interface, then
> drop/reject whatever?
>
> 2. Alternatively, is there a way to write a simple iptables rule that
> supersedes all others and is preferably interface specific? What might
> the syntax for this be? I see no reason to spend a day or so studying
> iptables just to figure out how to write 1 line, if such were possible.
>
> Jim C.
Hi Jim,

It's very possible to do what you're asking; however, first, how many nics do you have in the machine you're running the firewall on? To do what you want to do is easiest with two nics, and Shorewall will do what you're after.

--
Mark
-----------------------------------------------------------
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & 9.0
ICQ# 27816299
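As an added example that is not part of Mark's reply or of Shorewall itself: the interface-specific iptables rules Jim asks about in question 2, for a two-nic box. It assumes eth0 faces the Internet and eth1 the LAN (both names are assumptions; change them to match your machine), and it only prints the rules so they can be inspected before being piped to a root shell.

```shell
#!/bin/sh
# Added example, not from the thread: emit iptables rules that accept the
# LDAP/Samba ports only on the internal NIC and explicitly drop them on the
# external one. Interface names are assumptions; adjust to your setup.
# Apply (as root) with:  sh this_script.sh | sh     A plain run just prints.
EXT_IF="${EXT_IF:-eth0}"      # assumed: NIC facing the Internet
INT_IF="${INT_IF:-eth1}"      # assumed: NIC facing the LAN
TCP_PORTS="389,636,139,445"   # LDAP, LDAPS, NetBIOS session, SMB over TCP
UDP_PORTS="137,138"           # NetBIOS name and datagram services

# Print one rule per line; nothing is applied here.
gen_rules() {
    # -I puts the DROPs at the head of INPUT, so they match before any broader
    # ACCEPT that another tool appended later in the chain.
    printf 'iptables -I INPUT -i %s -p tcp -m multiport --dports %s -j DROP\n' "$EXT_IF" "$TCP_PORTS"
    printf 'iptables -I INPUT -i %s -p udp -m multiport --dports %s -j DROP\n' "$EXT_IF" "$UDP_PORTS"
    # The ACCEPTs are appended and match only packets that arrived on the LAN NIC.
    printf 'iptables -A INPUT -i %s -p tcp -m multiport --dports %s -j ACCEPT\n' "$INT_IF" "$TCP_PORTS"
    printf 'iptables -A INPUT -i %s -p udp -m multiport --dports %s -j ACCEPT\n' "$INT_IF" "$UDP_PORTS"
}

# Sanity check before applying: every DROP must name the external NIC and
# every ACCEPT the internal one. Returns 0 when the rule set is consistent.
check_rules() {
    gen_rules | grep -- '-j DROP' | grep -qv -- "-i $EXT_IF " && return 1
    gen_rules | grep -- '-j ACCEPT' | grep -qv -- "-i $INT_IF " && return 1
    return 0
}

gen_rules
```

Rules added by hand this way are lost when Shorewall restarts, because it rebuilds the chains from its own configuration, so once the behaviour is confirmed the same policy belongs in Shorewall's rules rather than in a side script.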
