On 03/24/2017 08:36 AM, Nerijus Baliunas wrote:
> On Fri, 24 Mar 2017 08:19:49 -0700 Tom Eastep
> <[email protected]> wrote:
> 
>>> I tried, but got: ERROR: A non-empty SWITCH column requires 
>>> Condition Match in your kernel and iptables
>>> /etc/shorewall/rules (line 58)
>>> 
>>> It is a CentOS 6 system, probably it does not have Condition 
>>> Match?
>> 
>> Most likely. Might be in the iptables-addons package if that is 
>> available for CentOS 6.
> 
> shorewall dump|grep Cond
> Condition Match (CONDITION_MATCH): Not available
> 
> So the only option for me is to use 2 different shorewall configs
> and restart firewall?
> 

You could also insert an ACCEPT rule in the nat table in front of the
DNAT rule for port 443.

        iptables -t nat -I ethX_dnat -p tcp --dport 443 -j ACCEPT

where ethX is your Internet interface.


Then, an open will work. When you want to switch back, simply delete
the rule.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.net \________________________________________________
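The toggle described in the reply above, as an added shell example that is not part of the original message or of Shorewall: it inserts the ACCEPT rule at the head of the `ethX_dnat` chain without stacking duplicates and removes it again. The function names and the `IPTABLES` override variable are assumptions made for this sketch; the interface name is passed as an argument.

```shell
#!/bin/sh
# Added example: toggle the nat-table ACCEPT rule from the message above.
# IPTABLES is overridable (an assumption of this sketch, so the functions
# can be dry-run against a stub); the function names are illustrative.
IPTABLES=${IPTABLES:-iptables}

# Remove every copy of the bypass rule from <iface>_dnat. -D fails once no
# matching rule is left, which ends the loop.
bypass_off() {
    while $IPTABLES -t nat -D "${1}_dnat" -p tcp --dport 443 -j ACCEPT 2>/dev/null
    do :; done
}

# Put exactly one copy at the head of the chain, ahead of the DNAT rule.
# Clearing first keeps repeated "on" calls from stacking duplicates.
bypass_on() {
    bypass_off "$1"
    $IPTABLES -t nat -I "${1}_dnat" -p tcp --dport 443 -j ACCEPT
}

# Exit 0 if the bypass rule is present. Uses -S rather than -C because
# older iptables releases have no -C (check) option.
bypass_status() {
    $IPTABLES -t nat -S "${1}_dnat" |
        grep -Eq -- "^-A ${1}_dnat .*--dport 443 .*-j ACCEPT\$"
}

# Usage: script on|off|status <iface>
case "${1:-}" in
    on|off|status) "bypass_$1" "${2:?interface name required}" ;;
esac
```

A `shorewall restart` rebuilds the ruleset and drops a hand-inserted rule, so the bypass does not survive it. The nat table is consulted only for new connections, so flows that were already DNATed keep their mapping until they end.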
