On 12/30/2014 6:54 PM, Alex Aminoff wrote:
>
> I was able to set up shorewall in combination with a few perl scripts to
> let me easily drop and allow my daughters' machines from accessing the
> internet (they are 7 and 10 years old). I used "shorewall drop/allow
> dynamic". However, now I want their machines to be able to still connect
> to the household firewall itself, even when they are on the dynamic
> blacklist. I tried adding to the blrules file
>
> WHITELIST loc:10.0.0.0/24 $FW
>
> but that does not appear to work. I read the documentation about
> blacklisting/whitelisting that I could find but could not see an obvious
> solution.
>
> I was able to get it to work by manually running iptables -I commands,
> but that only works until shorewall restarts.

Dynamic blacklisting is applied before any static entries in the blrules
file. So it isn't possible to use WHITELIST to override dynamic blacklist
entries.

If you want to deny internet access based on time and day of the week, you
can use the TIME column in the rules file. If you want to make it dynamic
based on commands, then either ipsets or switches
(http://www.shorewall.org/configuration_file_basics.htm#Switches) are an
option.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
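
The ipset option mentioned in the reply, sketched as an added example (not code from either poster or from the Shorewall project). The set name "kids", the loc/net zone names and the helper names are assumptions; the rules-file line is shown in the header comment.

```sh
#!/bin/sh
# /etc/shorewall/rules, NEW section, ahead of any loc->net ACCEPT rule:
#   #ACTION  SOURCE      DEST
#   DROP     loc:+kids   net
# The rule names only loc->net, so loc->$FW traffic is untouched whether or
# not a machine is in the set. Rules in the NEW section see new connections
# only, so flows that are already established continue until they close.

SET=kids                 # assumed ipset name; must match "+kids" above
DRY_RUN=${DRY_RUN:-0}    # DRY_RUN=1 prints the command without running it

# Succeeds only for a host address in 10.0.0.0/24 (the LAN from the question).
valid_lan_ip() {
    case $1 in
        10.0.0.*) host=${1#10.0.0.} ;;
        *) return 1 ;;
    esac
    case $host in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or not a number
    esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ]
}

# kid_access block|allow IP
# Adds the address to, or removes it from, the set. -exist makes both
# operations idempotent, so repeating a command is not an error.
kid_access() {
    action=$1
    ip=$2
    valid_lan_ip "$ip" || { echo "refusing $ip: not a host in 10.0.0.0/24" >&2; return 2; }
    case $action in
        block) op=add ;;
        allow) op=del ;;
        *) echo "usage: kid_access block|allow IP" >&2; return 2 ;;
    esac
    cmd="ipset $op $SET $ip -exist"
    echo "$cmd"
    [ "$DRY_RUN" = 1 ] && return 0
    # Create the set on first use, then apply the change (needs root).
    ipset create "$SET" hash:ip -exist && $cmd
}

# Run only when called with arguments, e.g.: ./kids.sh block 10.0.0.12
[ "$#" -eq 0 ] || kid_access "$@"
```

The set lives in kernel memory, so it has to be recreated or restored after a reboot before Shorewall starts.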
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
