On Thu, Aug 16, 2012 at 9:46 AM, Aaron St. Pierre <[email protected]> wrote:

> Hello,
>
> I've recently signed up for probe service through pingdom. They have many
> probe servers all over the world. Currently I'm not allowing ping from the
> net zone to my firewall. I'd like to track response time so I'd like to
> allow ping from the probe servers to my firewall. There are about 30 probe
> servers and that list changes from time to time. Anyway I know that I could
> do it directly through the rules file but I was wondering if there was
> a better approach? I could have sworn there was a whitelist file somewhere
> but the documentation ( http://shorewall.net/blacklisting_support.htm )
> suggests it's only through the rules file.
>
> Is the proper way to do this through the rules file and just a big list of
> IPs?
>
> Thanks for your help!
>
> --
>
> Aaron
>

I ended up creating two variables in the /etc/shorewall/params file, one
with the comma-separated list of IPs and the other describing the
zone:IPs. Then I just added a simple rule in the rules file like so:

PING(ACCEPT)    $NET_PINGDOM_PROBE_IPS  $FW_PUB

And below this I have my PING(DROP)s.

Things seem to be working fine and I'm able to get responses to the probe
servers.

I'm new to shorewall so if this isn't the proper way please let me know!

Thanks again!

-- 

Aaron
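The params/rules layout described in the post above, written out as an added example (not Aaron's actual files and not something shipped with Shorewall). The addresses are constructed placeholders from documentation ranges, not Pingdom's probe list, and the variable names, the `net` zone name and the `$FW` destination are assumptions. Shorewall ships the ICMP echo macro as `macro.Ping`, so the documented spelling `Ping(...)` is used here. Because `/etc/shorewall/params` is sourced as shell, the zone:address form can be built from the plain list; the ACCEPT line has to come before the DROP line, since Shorewall emits rules in file order and the first match wins:

```text
# /etc/shorewall/params  (added example; values are assumptions)
# Plain comma-separated list, kept in one place so it is the only thing
# to edit when the probe list changes. 203.0.113.0/24 and 198.51.100.0/24
# are documentation ranges, not real probe addresses.
PINGDOM_PROBE_IPS=203.0.113.10,203.0.113.11,198.51.100.27

# Same list prefixed with the zone, ready to drop into the SOURCE column.
NET_PINGDOM_PROBE_IPS=net:$PINGDOM_PROBE_IPS

# /etc/shorewall/rules  (added example)
#ACTION         SOURCE                          DEST
# Allow echo-request only from the listed probes; must precede the DROP.
Ping(ACCEPT)    $NET_PINGDOM_PROBE_IPS          $FW
# Everything else from the net zone keeps getting dropped.
Ping(DROP)      net                             $FW
```

Run `shorewall check` after editing to have the compiler validate the variable expansion and rule syntax before `shorewall restart` loads it. Shorewall expands a comma-separated SOURCE into one iptables rule per address, which is fine for a few dozen entries; if the list grows or changes often, Shorewall also accepts an ipset name prefixed with `+` in the SOURCE column, which lets the set be updated without recompiling the rules.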
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
