Hi Boris

Am 29.07.2013 18:17, schrieb Boris:
> Hej all,
> 
> 
> I'm looking for help in a shorewall rule thing:
> 
> There's a local software on 192.168.20.1 communicating on some ports
> with several hosts in the net, so the rules sound like
> 
> ACCEPT     loc:192.168.20.1     net:host1.theirdom.de    80,443
> ACCEPT     loc:192.168.20.1     net:host2.theirdom.de    80,999
> 
> host1 is resolved to a different IP than host2.
> 
> Because the communication still doesn't work, I was asking (at least
> three times) for the complete set of communications that have to be
> accepted and got new rules every time.
> Now, that it's beginning to hurt, they tell me I should accept traffic
> to all hosts *.theirdom.de. In fact, theirdom.de cannot be resolved.
> 
> So, what to do? Is it possible to work with a wildcard? The longer I
> think about, it seems to be nonsense....

AFAIK iptables, and therefor shorewall, does not support wildcards for
domains.
Supported are ip ranges,
see http://shorewall.net/configuration_file_basics.htm#IPRanges

For more in-depth knowledge you'd better ask on shorewall mailing-lists.

regards kp

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Reply via email to