Re: [Shorewall-users] Access to Server frm authorized range of IPs only

Mon, 15 Jun 2009 06:20:05 -0700 




----- Original Message ----
> From: Linux Advocate <[email protected]>
> To: Shorewall Users <[email protected]>
> Sent: Monday, June 15, 2009 8:15:45 AM
> Subject: Re: [Shorewall-users] Access to Server frm authorized range of IPs 
> only
> 
> 
> will do tom thanx.
> 
> 
> 
> ----- Original Message ----
> > From: Tom Eastep 
> > To: Shorewall Users 
> > Sent: Sunday, June 14, 2009 11:24:38 PM
> > Subject: Re: [Shorewall-users] Access to Server frm authorized range of IPs 
> only
> > 
> > Tom Eastep wrote:
> > > Linux Advocate wrote:
> > >> Guys,
> > >>
> > >> i know i saw this somewhere but i cant seem to locate that info now...
> > >>
> > >> Scenario:
> > >> ...............
> > >>
> > >> I have a simple two interface firewall. The firewall machine also 
> > >> provides 
> > some services to the LAN and to the NET.
> > >> What i would like to do is allow only a particular range of IPs frm the 
> > internet to access those services. 
> > >>
> > >> What do i need to do with my 'rules' file. Ideally i should be able to 
> > >> add 
> ip 
> > , remove ip as required.
> > >>
> > >> Can i make a file called 'Authorized_IP.txt' and use that?
> > > 
> > > No. But in /etc/shorewall/params, you can add:
> > > 
> > >     Authorized=,,...,
> > 
> > Note that the list elements can be anything legal in a rule: IP ranges,
> > networks addresses, etc.
> > 


for record purposes; i did what tom recommended as shown below;

in 'params' file

AUTH_IP=60.48.0.0-60.54.255.255,
        202.75.4.0-202.75.7.255,
        202.186.0.0-202.187.255.255,
        203.82.64.0-203.82.95.255

in 'rules' file

HTTP/ACCEPT     net:$AUTH_IP             $FW             tcp 80,2812

works well, exactly what i needed. thanx !



      

------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to