2009/12/17, Tom Eastep <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 12/16/2009 06:18 PM, kurniadi wrote: >> Hi all, >> >> >> I Try use shorewall rules with time element but its never works, the >> rules look like this >> >> HTTPS(REJECT) loc >> net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 >> localtz×tart=20:00×top=20:10&weekdays=Mon,Tue,Wed,Thu,Fri >> >> This rules for block https access to facebook site at working hours & >> day My system is Debian lenny, shorewall 4.4.4.2 kernel >> 2.6.30-bpo.2-amd64, the kernel module for time element already >> support. >> > > Shorewall is not the proper tool for trying to limit traffic to a > particular domain. You will never be able to keep up with the list of IP > addresses used by facebook. See Shorewall FAQ 39 for more information. >
Ok maybe this not perpect solution for block https, I will try in squid instead shoerwall. but why time element rule did not work ?, since this feature new in shorewall, im not found working example. Could you tell us example working rules > >> proxycbb:/etc/shorewall# grep MATCH_TIME >> /boot/config-2.6.30-bpo.2-amd64 CONFIG_NETFILTER_XT_MATCH_TIME=m >> >> And one thing /var/log/shorewall-init.log always empty, why ? > > Because no process is writing to it. What configuration options have you > selected that makes you believe that the file should contain messages? I found the problem in my shorewall.conf, empty in option STARTUP_LOG= I already fix it... Kurniadi ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
