Hi mike,
just edit your policy file:
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
$FW       net    REJECT   info
net       all    DROP     info
# The FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info
And leave your rules file like it is right now.
Shorewall will always take a look inside the rules file first, and only after
not finding a matching rule there will Shorewall take a look inside the policy
file. That's why you should be able to ping and make http, https and ftp to the
net, because Shorewall finds matching rules in your rules file.
Hope this helps!
Regards
Alex
From: mike lan [mailto:[email protected]]
Sent: Wednesday, 28 December 2011 10:17
To: Shorewall Users
Subject: [Shorewall-users] setup shorewall for specific ports only
Hello
I would like to set up shorewall for some ports only (i.e. allow to surf the net
over http and https and access ftp only, and nothing else).
I've used the one-interface firewall example with a policy file:
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
$FW       net    ACCEPT   info
net       all    DROP     info
# The FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info
and in the rules file:
ACCEPT   $FW   net   icmp
ACCEPT   $FW   net   tcp   http,https,ftp
restarted shorewall
But I've noticed that I can still send packets on other ports than those
specified in the rules, e.g. running transmission for instance
thanks for taking time to reply
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
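
The lookup order described in the reply above (rules file first, policy file only as the fallback), as an added example that is not part of the thread and is not Shorewall's own code. It is a simplified Python model of the two files quoted in the thread; the function names, the port table and the sample connections are assumptions made for illustration.

```python
"""Simplified model: rules file is consulted first, policy file is the fallback."""
# Assumption: zone/port matching is reduced to what the thread's two files use.
PORTS = {"http": 80, "https": 443, "ftp": 21}

RULES = """
ACCEPT $FW net icmp
ACCEPT $FW net tcp http,https,ftp
"""

POLICY_ORIGINAL = """
$FW net ACCEPT info
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
"""
# The change suggested in the reply: $FW -> net becomes REJECT.
POLICY_FIXED = POLICY_ORIGINAL.replace("$FW net ACCEPT", "$FW net REJECT")

def parse(text):
    """Split non-empty, non-comment lines into columns."""
    return [l.split() for l in text.splitlines() if l.strip() and not l.startswith("#")]

def zone_match(pattern, zone):
    return pattern in ("all", zone)

def decide(policy_text, src, dst, proto, port=None):
    """Return (verdict, file that decided) for a new connection."""
    for action, r_src, r_dst, r_proto, *ports in parse(RULES):
        if (r_src, r_dst, r_proto) != (src, dst, proto):
            continue
        # A rule without a port column (icmp here) matches any port.
        if not ports or port in {PORTS[n] for n in ports[0].split(",")}:
            return action, "rules"
    for p_src, p_dst, verdict, *_ in parse(policy_text):
        if zone_match(p_src, src) and zone_match(p_dst, dst):
            return verdict, "policy"
    raise ValueError("no policy matched")

if __name__ == "__main__":
    # Constructed sample connections; 51413 stands in for a BitTorrent client port.
    samples = [("$FW", "net", "tcp", 443), ("$FW", "net", "tcp", 51413),
               ("$FW", "net", "udp", 53), ("net", "$FW", "tcp", 22)]
    for name, policy in (("original", POLICY_ORIGINAL), ("fixed", POLICY_FIXED)):
        for s in samples:
            print(name, s, decide(policy, *s))
```

With the corrected policy the model also rejects udp 53 from $FW, so name resolution through the net zone needs its own ACCEPT rule in the rules file.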