On 5/13/2017 1:20 PM, misc02 wrote:
> Hi
>
> I've been using V4.5.4 for a while and it has worked fine.
> I keep it simple and just add or remove entries from the blrules file.
>
> typically just
>
> DROP net:123.123.123.123 all
> or the variation of IP addressing.
>
> What I would like to do now is to deny all access to the site
> except those I ACCEPT
>
> ACCEPT net:123.123.123.123-123.123.123.124 all
> or whatever.
>
> I was wondering what the easiest way for me to
> block everything excluding
> network connections (special use blocks is that?)
> such as 127.0.0.1 etc
> (The server is a hosted dedicated one.)
>

From: http://shorewall.org/manpages/shorewall-blrules.html

"Example 2:

Don't subject packets from 2001:DB8::/64 to the remaining rules in the file.

WHITELIST net:[2001:DB8::/64] all"

So the following should do what you want:

WHITELIST ...
DROP ...

See also:
http://shorewall.org/configuration_file_basics.htm#Exclusion
http://shorewall.org/manpages/shorewall-exclusion.html

> and can I then just drop in my ACCEPT lines?
>
> Normally I'd just run a local test but my test network is offline.
>

-Matt

-- 
Matt Darfeuille
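
The ordering in the reply above can be dry-run offline with a small first-match model of a blrules file. This is an added example, not part of the original message or Shorewall's own code; the catch-all `DROP net all` line, the function names and the `CONTINUE` result label are assumptions, and only the WHITELIST and DROP actions and the SOURCE column are modelled.

```python
import ipaddress

# Constructed ruleset: the asker's range whitelisted, then an assumed catch-all DROP.
SAMPLE = """
WHITELIST  net:123.123.123.123-123.123.123.124  all
DROP       net                                  all
"""

def parse_source(spec):
    """Split 'zone' or 'zone:addr'; addr may be a host, CIDR or low-high range."""
    zone, _, addr = spec.partition(":")
    addr = addr.strip("[]")                      # IPv6 is written net:[...]
    if not addr:
        return zone, lambda ip: True             # bare zone matches any address
    if "-" in addr:
        lo, hi = (ipaddress.ip_address(a) for a in addr.split("-", 1))
        return zone, lambda ip: ip.version == lo.version and lo <= ip <= hi
    net = ipaddress.ip_network(addr, strict=False)
    return zone, lambda ip: ip in net

def parse_blrules(text):
    """Return [(action, zone, matcher)] in file order, skipping comments."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        action, source = fields[0], fields[1]
        if action not in ("WHITELIST", "DROP"):
            raise ValueError(f"action not modelled: {action}")
        rules.append((action, *parse_source(source)))
    return rules

def evaluate(rules, zone, src):
    """First match wins. WHITELIST only exempts the packet from the remaining
    blrules entries; CONTINUE means later rules and policies still decide."""
    ip = ipaddress.ip_address(src)
    for action, rule_zone, matches in rules:
        if rule_zone == zone and matches(ip):
            return "DROP" if action == "DROP" else "CONTINUE"
    return "CONTINUE"

if __name__ == "__main__":
    rules = parse_blrules(SAMPLE)
    for src in ("123.123.123.124", "123.123.123.125"):
        print(src, evaluate(rules, "net", src))
```

Reversing the two lines in `SAMPLE` makes every `net` source return `DROP`, which is why the WHITELIST entries have to come first.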
