On Wed, 21 Aug 2002 16:29:01 +0200 Blaise Lab wrote:

> Hello,
> 
> I use the ip addresses 192.168.100.x on my LAN. My firewall is bering
> 1.0.rc3.

 [snip]

> So how can I configure the firewall so that it only accepts traffic from LAN to
> Internet for internal ip addresses 192.168.100.1 to 192.168.100.20?

Tom or others might provide better answers, but the approach I
would take (assuming you're using the shorewall default zones
and policies and that you want to allow/block all traffic) is to
add the policy 

    loc        net       REJECT      info

to /etc/shorewall/policy, add

    ALLOWED_HOSTS=192.168.100.1,192.168.100.2, ... ,192.168.100.20

to /etc/shorewall/params, and

    ACCEPT     loc:$ALLOWED_HOSTS    net    all


If you had said "allow 192.168.100.1-30",

    ALLOWED_HOSTS=192.168.100.1/28

would be more efficient.

--Brad
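
A way to check which addresses a CIDR entry in ALLOWED_HOSTS matches before it goes into /etc/shorewall/params, and to collapse a contiguous host range into CIDR blocks. This is an added example, not part of the original message; the function names are hypothetical, and it assumes a comma-separated mix of hosts and CIDR blocks is accepted in the rule the same way the lists above are.

```python
import ipaddress


def cover_range(first, last):
    """Smallest list of CIDR blocks matching exactly first..last (inclusive)."""
    a = ipaddress.IPv4Address(first)
    b = ipaddress.IPv4Address(last)
    return [str(n) for n in ipaddress.summarize_address_range(a, b)]


def compare(cidr, first, last):
    """Return (extra, missing): addresses the CIDR matches outside the
    wanted range, and wanted addresses the CIDR does not match."""
    # strict=False tolerates host bits being set, as in 192.168.100.1/28
    net = ipaddress.ip_network(cidr, strict=False)
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    wanted = set(range(lo, hi + 1))
    matched = {int(addr) for addr in net}  # every address in the block
    to_str = lambda ints: [str(ipaddress.IPv4Address(i)) for i in sorted(ints)]
    return to_str(matched - wanted), to_str(wanted - matched)


def params_line(first, last, name="ALLOWED_HOSTS"):
    """Build a params entry for the range (variable name taken from the thread)."""
    return name + "=" + ",".join(cover_range(first, last))


if __name__ == "__main__":
    # Range asked about in the thread
    print(params_line("192.168.100.1", "192.168.100.20"))
    # What a single /28 entry matches relative to that range
    extra, missing = compare("192.168.100.1/28", "192.168.100.1", "192.168.100.20")
    print("matched but not wanted:", extra)
    print("wanted but not matched:", missing)
```
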



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html