On 11/26/2012 10:23 AM, Aaron C. de Bruyn wrote: > Is there an easier way to do ACLs in Shorewall? > I am currently writing out lots of lines in the rules file that differ > only by an IP address. > > Instead of writing rules like: > SSH(ACCEPT) wan:some.ip.addr dmz tcp 22 > SSH(ACCEPT) wan:ano.ther.ip.addr dmz tcp 22 > SSH(ACCEPT) wan:home.ip.addr dmz tcp 22 > > Can I do something like: > #/etc/shorewall/acls > trusted some.ip.addr > trusted ano.ther.ip.addr > trusted home.ip.addr > > #/etc/shorewall/rules > SSH(ACCEPT) wan:trusted dmz tcp 22 > > Am I missing something in the docs?
ipsets? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
