Linux Advocate wrote:
> 
> 
> 
> 
> ----- Original Message ----
>> From: Linux Advocate <[email protected]>
>> To: Shorewall Users <[email protected]>
>> Sent: Monday, June 15, 2009 8:15:45 AM
>> Subject: Re: [Shorewall-users] Access to Server frm authorized range of IPs 
>> only
>>
>>
>> will do tom thanx.
>>
>>
>>
>> ----- Original Message ----
>>> From: Tom Eastep 
>>> To: Shorewall Users 
>>> Sent: Sunday, June 14, 2009 11:24:38 PM
>>> Subject: Re: [Shorewall-users] Access to Server frm authorized range of IPs 
>> only
>>> Tom Eastep wrote:
>>>> Linux Advocate wrote:
>>>>> Guys,
>>>>>
>>>>> i know i saw this somewhere but i cant seem to locate that info now...
>>>>>
>>>>> Scenario:
>>>>> ...............
>>>>>
>>>>> I have a simple two interface firewall. The firewall machine also
>>>>> provides some services to the LAN and to the NET.
>>>>> What i would like to do is allow only a particular range of IPs from
>>>>> the internet to access those services.
>>>>> What do i need to do with my 'rules' file. Ideally i should be able to
>>>>> add ip, remove ip as required.
>>>>> Can i make a file called 'Authorized_IP.txt' and use that?
>>>> No. But in /etc/shorewall/params, you can add:
>>>>
>>>>     Authorized=,,...,
>>> Note that the list elements can be anything legal in a rule: IP ranges,
>>> networks addresses, etc.
>>>
> 
> 
> for record purposes; i did what tom recommended as shown below;
> 
> in 'params' file
> 
> AUTH_IP=60.48.0.0-60.54.255.255,
>         202.75.4.0-202.75.7.255,
>         202.186.0.0-202.187.255.255,
>         203.82.64.0-203.82.95.255
> 
> in 'rules' file

That exact statement would have resulted in a syntax error. To put the
ranges on separate lines, you would rather need:

AUTH_IP=60.48.0.0-60.54.255.255,\
202.75.4.0-202.75.7.255,\
202.186.0.0-202.187.255.255,\
203.82.64.0-203.82.95.255

Furthermore, I would have written the last three differently:

AUTH_IP=60.48.0.0-60.54.255.255,\
202.75.4.0/22,\
202.186.0.0/15,\
203.82.64.0/19

That form results in slightly faster comparison. The 'shorewall iprange'
command is your friend, provided that you are running Shorewall 4.2.9
where the command was corrected or that you are running 4.0 (before the
command was broken).

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
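
The range-to-CIDR rewrite and the backslash-continued params assignment from the reply above, as an added Python example (not part of the original message and not Shorewall's own code). The function names are hypothetical; the address ranges are the ones quoted in the thread.

```python
import ipaddress

def range_to_cidrs(rng):
    """Return the minimal list of CIDR networks covering 'first-last' exactly."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in rng.split("-"))
    if first > last:
        raise ValueError(f"range start is after range end: {rng}")
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def compact(element):
    """Rewrite a range as one CIDR when it is exactly one network.

    A range that needs several networks is left in range form, as the
    first element is in the reply above.
    """
    if "-" not in element:
        return element  # already a host or network address
    cidrs = range_to_cidrs(element)
    return cidrs[0] if len(cidrs) == 1 else element

def params_line(name, elements):
    """Build one assignment with an element per line.

    Every line except the last ends in ',' plus a backslash, so the
    value continues onto the next line instead of ending early.
    """
    return f"{name}=" + ",\\\n".join(compact(e) for e in elements)

# Ranges taken from the thread above.
RANGES = [
    "60.48.0.0-60.54.255.255",
    "202.75.4.0-202.75.7.255",
    "202.186.0.0-202.187.255.255",
    "203.82.64.0-203.82.95.255",
]

if __name__ == "__main__":
    print(params_line("AUTH_IP", RANGES))
    # The first range is not a single network; this is its full decomposition.
    print(range_to_cidrs(RANGES[0]))
```

The first range stays in range form because covering it exactly takes three networks rather than one.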
