This rule seems to work for me; please try it if you like, it already works.

SECTION BLACKLIST
#
HTTPS(REJECT)   all   net:69.171.224.0-69.171.255.255,66.220.144.0-66.220.159.255   tcp
#
SECTION NEW
..... ..

2012/3/15 I.S.C. William <[email protected]>:
> I found this iptables rule that works very well, but ..
> How can I interpret this in shorewall rules?
>
> ---------------------------------------------------------------
>
> FACEBOOK_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111"
> iptables -N FACEBOOK
>
> iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
> iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
> iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
> iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
> iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
> iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOK
>
> ## FACEBOOK ALLOW
> for face in $FACEBOOK_ALLOW; do
>     iptables -A FACEBOOK -s $face -j ACCEPT
> done
> iptables -A FACEBOOK -j REJECT
>
> ---------------------------------------------------------------
> I see that IP range blocks
>
> Greetings!!
>
> 2012/3/14 Tom Eastep <[email protected]>
>>
>> On 3/14/12 1:06 PM, "I.S.C. William" <[email protected]> wrote:
>>
>> I understand this, telling me that the rules, I must put first the
>> rules REJECT (if there) and then ACCEPT rules?
>>
>> If this could give me the syntax of the rules as they should be, I
>> mean: REJECT rules first, then the ACCEPT rules, the rules after DROP,
>> REJECT .. etc.
>>
>>
>> There is only one thing to remember: The first rule that matches a
>> connection determines the disposition of that connection. The exception is
>> rules whose TARGET is LOG; those log the packet only.
>>
>> -Tom
>> You do not need a parachute to skydive. You only need a parachute to skydive
>> twice.
>>

--
I.S.C. William López Jiménez
--
User Linux # 379636
MSN [email protected]
Jabber [email protected]
Web: www.koalasoftmx.tk
Twitter: @koalasoft
Facebook: william.koalasoft

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
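
Added example, not part of the original thread: a small Python model of the first-match evaluation Tom describes, using the destination ranges and allowed hosts from the quoted iptables script. The LOG rule, the `allow_first` switch and the default ACCEPT policy are assumptions made for illustration.

```python
import ipaddress

# Destination ranges and allowed hosts copied from the quoted iptables script.
FACEBOOK_RANGES = ["66.220.144.0-66.220.159.255",
                   "69.63.176.0-69.63.191.255",
                   "204.15.20.0-204.15.23.255"]
FACEBOOK_ALLOW = ["192.168.1.12", "192.168.1.14", "192.168.1.111"]
PORTS = {80, 443}


def in_range(addr, spec):
    """True if addr lies inside 'low-high' or equals a single address."""
    low, _, high = spec.partition("-")
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_address(low) <= ip <= ipaddress.ip_address(high or low)


def build_rules(allow_first=True):
    """Ordered (target, sources, dests, ports) rules; sources=None means any.

    allow_first=False models the mistake of listing REJECT before ACCEPT.
    The LOG rule is an assumption, added to show that LOG does not terminate.
    """
    log = ("LOG", None, FACEBOOK_RANGES, PORTS)
    allow = ("ACCEPT", FACEBOOK_ALLOW, FACEBOOK_RANGES, PORTS)
    reject = ("REJECT", None, FACEBOOK_RANGES, PORTS)
    return [log, allow, reject] if allow_first else [log, reject, allow]


def evaluate(rules, src, dst, dport, default="ACCEPT"):
    """Return (disposition, logged); the first non-LOG match decides.

    default stands in for the zone policy (assumed ACCEPT here).
    """
    logged = False
    for target, sources, dests, ports in rules:
        if sources is not None and not any(in_range(src, s) for s in sources):
            continue
        if dport not in ports or not any(in_range(dst, d) for d in dests):
            continue
        if target == "LOG":
            logged = True  # LOG records the packet, evaluation continues
            continue
        return target, logged
    return default, logged


if __name__ == "__main__":
    # Constructed sample connection: an allowed host reaching a listed range.
    for order in (True, False):
        print(order, evaluate(build_rules(order), "192.168.1.12", "66.220.150.1", 443))
```

With the rules reversed, the REJECT rule matches the allowed hosts first and the ACCEPT rule below it is never reached.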
