On 02/13/2014 09:23 AM, I.S.C. William wrote:
> How could I interpret this code in shorewall?
>
> ---------
> Code in Iptables:
>
> for URL in `grep -v "^#" /etc/squid/liberados_443`; do
> #
> iptables -I FORWARD -p tcp --dport 443 -d $URL -j ACCEPT
> done
>
> -------
>
>
> I need to be able to output only to Internet Web sites I want to give
> access.
>
> Thank you.

Hi William,

What you're doing is trying to use DNS names in your firewall config. This is Shorewall FAQ #79; you can find more information about it here:

http://www.shorewall.net/configuration_file_basics.htm#dnsnames

If you are still sure you want to do this after reading the above page, I would recommend changing the name of the chain from FORWARD to loc2net (or whatever zone names you use), then running that script from cron.hourly or cron.daily with a 'shorewall restart' at the beginning.

This is really much better handled by forcing your users through a proxy server and running squidguard, although I know that with mobile devices, this is almost impossible.

Regards,
Paul

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
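
The cron approach suggested in the reply above, written out as a script; this is an added example, not code from the thread or from the Shorewall project. It assumes a chain named loc2net (zones loc and net) and the list file from the original post; the APPLY, LIST and CHAIN variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: rebuild the HTTPS allow rules from a host list (for cron.hourly/daily).
# iptables resolves a DNS name once, when the rule is inserted, which is why the
# rules must be rebuilt periodically to follow address changes.
LIST=${LIST:-/etc/squid/liberados_443}   # list file from the original post
CHAIN=${CHAIN:-loc2net}                  # assumed Shorewall chain (zones loc -> net)

# Print one iptables command per valid entry of list file $1 for chain $2.
# Unlike the original grep, trailing "# comments" and blank lines are also dropped.
# Anything that is not a plain hostname or IPv4 address is reported on stderr and
# skipped, so a stray ";" or a leading "-" never reaches the shell or iptables.
build_rules() {
    br_file=$1
    br_chain=$2
    while IFS= read -r br_host || [ -n "$br_host" ]; do
        br_host=${br_host%%#*}
        br_host=$(printf '%s' "$br_host" | tr -d '[:space:]')
        [ -z "$br_host" ] && continue
        if printf '%s' "$br_host" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'; then
            printf 'iptables -I %s -p tcp --dport 443 -d %s -j ACCEPT\n' "$br_chain" "$br_host"
        else
            printf 'skipped invalid entry: %s\n' "$br_host" >&2
        fi
    done < "$br_file"
}

# Restart Shorewall first so the chain starts clean, then insert the rules.
# A name that fails to resolve is logged and does not stop the remaining entries.
apply_rules() {
    shorewall restart || return 1
    build_rules "$LIST" "$CHAIN" | while IFS= read -r ar_cmd; do
        $ar_cmd || printf 'failed: %s\n' "$ar_cmd" >&2
    done
}

# Default is a dry run that only prints the commands; set APPLY=1 in the cron job.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
elif [ -r "$LIST" ]; then
    build_rules "$LIST" "$CHAIN"
fi
```

Run it without APPLY first and review the printed rules and the skipped entries before installing it under cron.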
