On 5/18/2015 7:13 AM, Tom Eastep wrote: > On 5/17/2015 7:52 PM, AleCaste wrote: >> Thanks Tom, >> >> We tried adding the following rules in the ALL section: >> >> NFQUEUE(0) net $FW tcp http,https >> ACCEPT $FW net tcp http,https > > That rule allow *outgoing* web connections. You need: > > NFQUEUE(0) $FW net tcp - 80,443 >
Of course, all of this presupposes that your web server is running on the firewall. If it isn't then you need to replace '$FW' with whichever zone your server is in. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
