Marco Salimu wrote:
> Hi Tom and others
> Hope this mail finds you ok
> Thanks for all the help you have provided to me; it has been working well.
> 
> On this issue, I have not yet succeeded in blocking the local net from
> accessing the internet while it continues to access the DMZ.
> 
> I think the main reason is that the local net hosts are getting internet
> access through the proxy server on the firewall server, so if I block the
> local net, Shorewall does not see the local net accessing the internet,
> but rather the firewall itself.

Change the loc->net policy to REJECT and add a log level to the LOG
LEVEL column in /etc/shorewall/policy.


Example:

        #SOURCE DEST    POLICY  LOG LEVEL
        loc     net     REJECT  info

Note that you may have to add a rule or two to get that to work. For
example, you might have to add:

        DNS(ACCEPT)     loc     net

so that your local hosts can resolve DNS names.

And if that doesn't do what you want, please follow the instructions at
http://www.shorewall.net/support.htm#Guidelines.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
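
Added example, not part of Tom's message and not Shorewall's own code: a simplified Python model of first-match lookup in /etc/shorewall/policy, showing which entry governs loc->net, loc->dmz, and the two connections made when a local host browses through a proxy on the firewall. The policy contents, the `dmz` zone name and the `$FW` entries are constructed assumptions.

```python
# Simplified model: the first policy line whose SOURCE and DEST match wins.
# SAMPLE_POLICY is constructed for illustration; zone names are assumptions.
SAMPLE_POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      dmz   ACCEPT
loc      net   REJECT  info
$FW      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""


def parse_policy(text):
    """Return (source, dest, policy, log_level) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"policy line needs SOURCE DEST POLICY: {raw!r}")
        level = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        entries.append((fields[0], fields[1], fields[2], level))
    return entries


def resolve(entries, source, dest):
    """Policy and log level applied to a new connection from source to dest."""
    for src, dst, policy, level in entries:
        if src in (source, "all") and dst in (dest, "all"):
            return policy, level
    return None  # no entry matched


def proxied_path(entries, client="loc", firewall="$FW", target="net"):
    """The two connections a proxied request consists of, with their policies."""
    return {
        f"{client}->{firewall}": resolve(entries, client, firewall),
        f"{firewall}->{target}": resolve(entries, firewall, target),
    }


if __name__ == "__main__":
    table = parse_policy(SAMPLE_POLICY)
    print("loc->net:", resolve(table, "loc", "net"))
    print("loc->dmz:", resolve(table, "loc", "dmz"))
    print("via proxy:", proxied_path(table))
```

In this model the loc->net entry is never consulted for proxied requests; those are decided by whatever applies to loc->$FW (policy or rules) and $FW->net.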
