On 09/14/2015 10:53 AM, Hristo Benev wrote:
> Hi,
>
> I'm trying to get a list of IPs under a variable (zone).
>
> I'm thinking to use hosts and zone.
>
> Is that the best way or is there another one?
>
> Goal is to allow access on some ports for geo distributed monitoring system
> (multiple single IPs).
>

I'm not entirely clear what you are trying to accomplish. Is it that you
want to have a set of systems in multiple zones that you give access to
a set of ports? And you want to hold that list in a single variable? If
so, you can:

/etc/shorewall/params

    MONITOR_IPS=1.2.3.4,2.3.4.5,3.4.5.6,...
    MONITOR_ZONES=z1,z2,...
    MONITOR_PORTS=111,222,333,...

/etc/shorewall/action

    monitor

/etc/shorewall/action.monitor

    ACCEPT $MONITOR_IPS

/etc/shorewall/rules:

    monitor $MONITOR_ZONES zn:xx.xx.xx.xx tcp $MONITOR_PORTS

Where 'zn:xx.xx.xx.xx' is the server for the ports.

The other way is to have a variable per zone:

/etc/shorewall/params:

    Z1_MONITOR=z1:1.2.3.4,5.6.7.8,...
    Z2_MONITOR=z2:2.3.4.5,6.7.8.9,...
    MONITOR_PORTS=111,222,333

/etc/shorewall/rules:

    ACCEPT $Z1_MONITOR zn:xx.xx.xx.xx tcp $MONITOR_PORTS
    ACCEPT $Z2_MONITOR zn:xx.xx.xx.xx tcp $MONITOR_PORTS
    ...

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
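
An added example, not part of the original thread or of Shorewall: a POSIX shell check for the per-zone zone:ip,ip,... values described in the reply above, rejecting anything that is not a single IPv4 host address before it is placed in /etc/shorewall/params. The function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example: lint a per-zone monitor value (zone:ip,ip,...) before it is
# placed in /etc/shorewall/params. Function names and addresses are constructed.

# is_host_ip ADDR: succeed only for a single dotted-quad IPv4 host address.
is_host_ip() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;  # stray chars, empty octet, trailing dot
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                 # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# lint_monitor VALUE: print one line per problem; succeed only if none found.
lint_monitor() {
    case $1 in
        *:*) ;;
        *) echo "no zone prefix: $1"; return 1 ;;
    esac
    zone=${1%%:*}; list=${1#*:}; bad=0
    [ -n "$zone" ] || { echo "empty zone name"; bad=1; }
    case ",$list," in
        *,,*) echo "empty entry (stray comma)"; bad=1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -f; set -- $list; set +f              # split on commas, no globbing
    IFS=$old_ifs
    for ip in "$@"; do
        [ -n "$ip" ] || continue
        is_host_ip "$ip" || { echo "not a single IPv4 host: $ip"; bad=1; }
    done
    [ "$bad" -eq 0 ]
}

# Constructed samples: a clean value, then one with a trailing dot and stray commas.
for sample in "z1:192.0.2.10,198.51.100.7" "z2:203.0.113.5.,,,"; do
    if lint_monitor "$sample"; then echo "OK   $sample"; else echo "FAIL $sample"; fi
done
```

A network such as 203.0.113.0/24 is rejected as well, which keeps the list to the "multiple single IPs" the question asks for.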
