Re: [Shorewall-users] var in file PARAMS not read - CONTINUE

Tom Eastep Sat, 06 Oct 2012 12:06:10 -0700

On 10/06/2012 10:49 AM, I.S.C. William wrote:
> 
> 
> 2012/10/6 Tom Eastep <[email protected] <mailto:[email protected]>>
> 
>     On 10/06/2012 07:38 AM, I.S.C. William wrote:
> 
>     >
>     > I tried to do everything from scratch, uninstall shorewall,
>     reconfigure
>     > everything and still the same problem.
>     > Other rules work well, what does not work is that the variables
>     used in
>     > the file "PARAMS" are not read in the file "RULES".
>     >
>     > Sending back my full shorewall firewall and compiled into. I would
>     > appreciate your support in order to implement this right.
>     >
>     > My version shorewall: 4.4.26.1
>     > S.O. Ubuntu Server (update)
> 
>     Is the 'firewall' script you sent compiled from the configuration files
>     that you sent or is it what you want your firewall to look like?
> 
>     Thanks,
>     -Tom
>     --
> 
> 
> 
> As I mentioned, I had uninstalled the shorewall, I went to install and
> still have the same problem, I just sent him the new configuration I
> have, my whole directory shorewall and "firewall" compiled "shorewall
> compiler firewall"
> 
> I sent it I'm currently using, but the variables within PARAMS not read
> the rules file.
> 
> Otherwise the rules work perfectly unused variables.


I modified two lines of your rules file and now the same ruleset is
generated as the 'firewall' script you sent me.

-Tom
-- 
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

COMMENT == DENEGANDO PUERTO SEGURO (443) A : FACEBOOK ===
REJECT  loc:!$MAC_LOC_FACE      net:$NET_FACE_RANG      tcp     443
REJECT  loc:!$MAC_LOC_FACE     net:$NET_FACE_SRED      tcp     443
REJECT  loc:!$MAC_LOC_FACE     net:$NET_FACE_IP        tcp     443

#ACCEPT  loc:$MAC_LOC_FACE       net:$NET_FACE_RANG      tcp     443
#ACCEPT  loc:$MAC_LOC_FACE       net:$NET_FACE_SRED      tcp     443
#ACCEPT  loc:$MAC_LOC_FACE       net:$NET_FACE_IP        tcp     443
#COMMENT ==================================================

#COMMENT == DENEGANDO SERVICIOS DROPBOX ===
#HTTPS/REJECT    loc:!$MAC_DBOX  net:$IP_DROPBOX
#
#COMMENT == DENEGANDO PUERTO SEGURO (443) A : IMO.IM ==
#HTTPS/REJECT    all     net:64.13.161.61,64.13.128.0/18 -       443
#COMMENT ==============================================
#
COMMENT == DENEGANDO PUERTO SEGURO (443) A : MEEBO.COM ==
HTTPS/REJECT    loc     net:208.81.188.0/22,74.114.24.0/21      -       443
COMMENT ==============================================
#
COMMENT == DENEGANDO PUERTO SEGURO (443) A : TWITTER ==
HTTPS/ACCEPT    loc:$MAC_LOC_TWIT       net:$NET_TWIT_RANG
HTTPS/REJECT    loc                     net:$NET_TWIT_RANG
COMMENT ==============================================
#
ACCEPT  loc     net:170.169.33.22       all
ACCEPT  loc     net:200.23.91.0/24      all
COMMENT ===========   Opciones de Proxy ============
Web/ACCEPT      net     all
ACCEPT  loc     $FW     tcp     80,3018,9090
ACCEPT  $FW     loc     tcp     80,3018,9090
REDIRECT        loc     3018    tcp     80,81,82,3128,8000,8080,9090    -       
!200.33.74.112,148.244.43.5,148.244.43.32
COMMENT =========== :: SSH (Default 22) :: ============
SSH(ACCEPT)     net     $FW     tcp     3366
SSH(ACCEPT)     loc     $FW     tcp     3366
COMMENT ===========  Accesos DNS ============
DNS/ACCEPT      all     all
COMMENT =========== :: HTTPS (443) :: ============
HTTPS/ACCEPT    all     all
COMMENT =========== :: Webmin (10000) :: ============
Webmin/ACCEPT   all     all
COMMENT ==== Accesos Correo Electronico =======
Mail/ACCEPT     all     net
IMAP/ACCEPT     all     net
IMAPS/ACCEPT    all     net
POP3/ACCEPT     all     net
POP3S/ACCEPT    all     net
COMMENT =========== :: PPTP () :: ============
PPtP/ACCEPT     all     all
COMMENT ===========  :: MESSENGER (1863):: ============
ACCEPT  loc     all     tcp     1863,6891:6900,6901,9000:9999,5004:65535,1503
#REDIRECT        loc     16667   tcp     1863

#ACCEPT loc:$MAC_LOC_MSN        net     tcp     
1863,6891:6900,6901,9000:9999,5004:65535,1503
#ACCEPT loc:$MAC_LOC_MSN        all     tcp     16667
#REDIRECT       loc:$MAC_LOC_MSN        16667   tcp     1863

COMMENT ============= :: NTP (Port: tcp 123) :: ==================
NTP/ACCEPT      all     all
COMMENT ============= :: Outlook (Port: tcp 587) :: ==================
ACCEPT  all     all     tcp     587

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] var in file PARAMS not read - CONTINUE

Reply via email to