Thomas Mørch wrote: > I'm trying to divide my local network into sections, I have defined the > following "sub-subnets" : > kids eth0:192.168.2.192/26 <http://192.168.2.192/26> > voks eth0:192.168.2.128/26 <http://192.168.2.128/26> > stat eth0:192.168.2.127/25 <http://192.168.2.127/25> > With some dhcp rules, I assign different addresses to the kidds > computers, than to the other computers. > > What I wanted is that the kidds doesn't have access to SSH on the > firewall, only computers in the voks zone. > > I have tried to make the following rule : > SSH/ACCEPT voks $FW > > But that just shuts down access to SSH on the server, the normal rule : > SSH/ACCEPT loc $FW > works ok, and I can connect to the firewall using ssh (but also from the > kids "network" > > I know that it is rather easy to circumvent my lockups, but I don't > expect the kidds to know how to change the IP address of their computer > yet (they are 10 and 8 years, which should give me a couple of years > before they figure something out :)) > > Also It is just for my own "fun" and learning that I want to set it up
We can tell you nothing without seeing the output of "shorewall dump". See http://www.shorewall.net/support.htm#Guidelines -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
