Thanks Tom. Your alternatives are neater; defining a variable in params
looks perfect for me.
On Tue, Aug 20, 2013 at 6:57 AM, Tom Eastep <[email protected]> wrote:
> On 8/19/2013 9:11 PM, johnny bowen wrote:
> > I'd like to better organize my rules file for a couple of lines that
> > define several IP addresses. I have something like this:
> >
> > ACCEPT net:192.168.0.0/24,192.168.1.0/24,192.168.3.0/24,192.168.7.34,192.168.5.43,etc,etc $FW tcp 3306
> >
> > Anyway my problem is that I list about 20 ips and two ranges and it's a
> > bit cluttered. I was reading into using zones and hosts and I was
> > thinking I could do something like:
> >
> > ZONE
> > myAsteriskComputers:net ipv4
> >
> > Host
> > myAsteriskComputers net:(list all the ips here)
> >
> > Rule
> > ACCEPT myAsteriskComputers $FW tcp 3306
> >
> >
> > will that work?
>
> The concept is correct, but the name 'myAsteriskComputers' is much too
> long. See shorewall-zones(5) for restrictions on the length of a zone name.
>
> There are other alternatives:
>
> a) Shell Variable
>
> /etc/shorewall/params:
>
> ASTERISK=net:(list all the ips here)
>
> /etc/shorewall/rules:
>
> ACCEPT $ASTERISK $FW tcp 3306
>
> b) Action
>
> /etc/shorewall/actions:
>
> Asterisk
>
> /etc/shorewall/action.Asterisk
>
> ACCEPT (list all ips here)
>
> /etc/shorewall/rules:
>
> Asterisk net $FW tcp 3306
>
> I personally use approach b) for allowing the Shorewall mirror sites
> access via rsync.
>
> Note that in the action.Asterisk file, you can specify one ip per line
> as in:
>
> ACCEPT ip1,\
> ip2,\
> ...
> ipn
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Introducing Performance Central, a new site from SourceForge and
> AppDynamics. Performance Central is your source for news, insights,
> analysis and resources for efficient Application Performance Management.
> Visit us today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
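A helper for maintaining the address list behind either alternative discussed above, as an added example that is not part of the original thread: it validates each entry, drops duplicates and hosts already covered by a listed network, then emits the one-address-per-line action body and the params variable. The sample list, the /16 breadth limit and all function names are assumptions of this example.

```python
import ipaddress

# Constructed sample list, reusing the addresses from the question.
SAMPLE = [
    "192.168.0.0/24", "192.168.1.0/24", "192.168.3.0/24",
    "192.168.7.34", "192.168.5.43",
    "192.168.1.17",      # already inside 192.168.1.0/24
    "192.168.7.34",      # duplicate
]

MIN_PREFIX = 16  # assumption: anything broader is treated as a typo


def normalize(entries, min_prefix=MIN_PREFIX):
    """Validate, de-duplicate and sort IPv4 hosts/networks for an allowlist."""
    nets = set()
    for raw in entries:
        # strict=True rejects host bits under the mask, e.g. 192.168.1.5/24
        net = ipaddress.IPv4Network(raw.strip(), strict=True)
        if net.prefixlen < min_prefix:
            raise ValueError(f"{raw}: broader than /{min_prefix}")
        nets.add(net)
    # Drop entries already covered by a wider listed network.
    kept = [n for n in nets
            if not any(n != o and n.subnet_of(o) for o in nets)]
    return sorted(kept)


def fmt(net):
    """Render /32 entries as bare host addresses, as in the thread."""
    return str(net.network_address) if net.prefixlen == 32 else str(net)


def action_body(entries, target="ACCEPT"):
    """Rule for action.Asterisk: one address per line, backslash-continued."""
    addrs = [fmt(n) for n in normalize(entries)]
    # Continuation lines start in column 0 so the joined list has no spaces.
    return f"{target} " + ",\\\n".join(addrs) + "\n"


def params_line(entries, name="ASTERISK", zone="net"):
    """Single-line variable for /etc/shorewall/params."""
    return f"{name}={zone}:" + ",".join(fmt(n) for n in normalize(entries))


if __name__ == "__main__":
    print(action_body(SAMPLE), end="")
    print(params_line(SAMPLE))
```

Running `shorewall check` after installing the generated file confirms that Shorewall itself accepts the result.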