Is there an easier way to do ACLs in Shorewall?
I am currently writing out lots of lines in the rules file that differ only
by an IP address.
Instead of writing rules like:

    SSH(ACCEPT) wan:some.ip.addr dmz tcp 22
    SSH(ACCEPT) wan:ano.ther.ip.addr dmz tcp 22
    SSH(ACCEPT) wan:home.ip.addr dmz tcp 22

Can I do something like:

    #/etc/shorewall/acls
    trusted some.ip.addr
    trusted ano.ther.ip.addr
    trusted home.ip.addr

    #/etc/shorewall/rules
    SSH(ACCEPT) wan:trusted dmz tcp 22

Am I missing something in the docs?
The reason I'm asking is one particular client is expanding rapidly and the
offices need to 'mesh'. Each new office requires me to add another line to
all the existing firewalls. It's easy with a handful of offices. It's
much more difficult with hundreds of offices.
-A
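
The expansion asked about above, done as a pre-processing step that writes out the long-form rules. This is an added example, not part of the original message and not a Shorewall feature: the `acls` layout is the poster's proposal, and the function names and documentation-range addresses are assumptions. Each entry is validated so that a typo never reaches the generated rules.

```python
import ipaddress
from itertools import product

# Constructed sample input in the layout proposed in the post; the
# documentation-range addresses stand in for the elided ones.
ACLS = """\
#/etc/shorewall/acls
trusted 192.0.2.10
trusted 198.51.100.0/24
trusted 192.0.2.10
"""
RULES = """\
#/etc/shorewall/rules
SSH(ACCEPT) wan:trusted dmz tcp 22
"""

def parse_acls(text):
    """Return {group: [address, ...]}; raise ValueError on a bad entry."""
    groups = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"acls line {lineno}: expected 'group address'")
        group, addr = parts
        # strict=True rejects typos such as 198.51.100.7/24 (host bits set)
        net = ipaddress.ip_network(addr, strict=True)
        entry = str(net.network_address) if net.num_addresses == 1 else str(net)
        if entry not in groups.setdefault(group, []):  # drop duplicates
            groups[group].append(entry)
    return groups

def expand_field(field, groups):
    """Expand 'zone:group' into one 'zone:address' per group member."""
    zone, sep, host = field.partition(":")
    if sep and host in groups:
        return [f"{zone}:{a}" for a in groups[host]]
    return [field]

def expand_rules(text, groups):
    """Expand group names in the second and third columns of each rule."""
    out = []
    for raw in text.splitlines():
        f = raw.split()
        if len(f) < 3 or f[0].startswith("#"):
            out.append(raw)  # comments and short lines pass through
            continue
        for src, dst in product(expand_field(f[1], groups), expand_field(f[2], groups)):
            out.append(" ".join([f[0], src, dst, *f[3:]]))
    return out

if __name__ == "__main__":
    print("\n".join(expand_rules(RULES, parse_acls(ACLS))))
```

A field whose host part is not a known group name is left unchanged, so existing literal addresses in the rules file are not touched.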