On 8/19/2013 9:11 PM, johnny bowen wrote:
> I'd like to better organize my rules file for a couple of lines that
> defines several IP addresses. I have something like this
>
> ACCEPT net:192.168.0.0/24,192.168.1.0/24,192.168.3.0/24,192.168.7.34,192.168.5.43,etc,etc $FW tcp 3306
>
> Anyway my problem is that I list about 20 ips and two ranges and it's a
> bit cluttered. I was reading into using zones and hosts and I was
> thinking I could do something like:
>
> ZONE
> myAsteriskComputers:net ipv4
>
> Host
> myAsteriskComputers net:(list all the ips here)
>
> Rule
> ACCEPT myAsteriskComputers $FW tcp 3306
>
>
> will that work?

The concept is correct, but the name 'myAsteriskComputers' is much too
long. See shorewall-zones(5) for restrictions on the length of a zone name.

There are other alternatives:

a) Shell Variable

   /etc/shorewall/params:

       ASTERISK=net:(list all the ips here)

   /etc/shorewall/rules:

       ACCEPT $ASTERISK $FW tcp 3306

b) Action

   /etc/shorewall/actions:

       Asterisk

   /etc/shorewall/action.Asterisk:

       ACCEPT (list all ips here)

   /etc/shorewall/rules:

       Asterisk net $FW tcp 3306

I personally use approach b) for allowing the Shorewall mirror sites
access via rsync.

Note that in the action.Asterisk file, you can specify one ip per line
as in:

    ACCEPT ip1,\
    ip2,\
    ...
    ipn

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
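
Added example (not part of the message above and not Shorewall's own code): a Python helper that validates an address list and emits it in the one-address-per-line continuation format shown for action.Asterisk, so a mistyped entry is rejected before it reaches the allowlist for tcp 3306. The function name, the de-duplication step and the sample host 192.168.1.17 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: the addresses from the question plus a duplicate
# and one host (192.168.1.17) that a listed range already covers.
SAMPLE = """
192.168.0.0/24
192.168.1.0/24      # office LAN
192.168.3.0/24
192.168.7.34
192.168.5.43
192.168.7.34
192.168.1.17
""".splitlines()


def build_action_rule(entries, target="ACCEPT"):
    """Return one rule line for an action file, one address per continuation line."""
    nets, errors = [], []
    for raw in entries:
        text = raw.split("#", 1)[0].strip()  # tolerate comments and blank lines
        if not text:
            continue
        try:
            # strict=True rejects ranges with host bits set, e.g. 192.168.1.5/24
            nets.append(ipaddress.IPv4Network(text, strict=True))
        except ValueError as exc:
            errors.append(f"{text!r}: {exc}")
    if errors:
        raise ValueError("refusing to build allowlist: " + "; ".join(errors))
    if not nets:
        raise ValueError("refusing to build an empty allowlist")

    # Drop duplicates, then drop entries already covered by a listed range.
    unique = sorted(set(nets), key=lambda n: (int(n.network_address), n.prefixlen))
    kept = [n for n in unique if not any(n != o and n.subnet_of(o) for o in unique)]

    def fmt(net):
        # Write single hosts without the /32 suffix, as in the original rule.
        return str(net.network_address) if net.prefixlen == 32 else str(net)

    # Continuation lines carry no leading whitespace, matching the format above.
    return f"{target} " + ",\\\n".join(fmt(n) for n in kept) + "\n"


if __name__ == "__main__":
    print(build_action_rule(SAMPLE), end="")
```
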
