On Thursday, 23 May 2019, 15:48:43 CEST, Tom Eastep wrote:
> On 5/23/19 2:41 AM, Andreas Günther wrote:
> > Hello together,
> >
> > I have installed Shorewall 5.0.15.6 on a Debian Linux Stretch KVM-Host as
> > firewall with NAT to the KVM-VMs on the host.
> >
> > One of the VMs includes an Apache-Server and a ProFTPd-Server (IP
> > 192.168.1.75).
> > At first I use the zones fw, net and loc. Then my rules look for FTP like
> >
> > FTP(ACCEPT) net loc:192.168.1.75
> > FTP(ACCEPT) loc:192.168.1.75 net
> >
> > macro.FTP:
> > ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
> > PARAM - - tcp 21 { helper=ftp }
> > ?else
> > PARAM - - tcp 21
> > ?endif
> >
> > For running TLS on the ProFTPd-Server I use passive ports 49152 65535.
> > When shorewall is started, I start additional
> >
> > iptables -I net-loc 2 -p tcp --match multiport --dports 49152:65535 --dst 192.168.1.75 -j ACCEPT
> >
> > for opening the connection FTP-clients to ProFTPd-Server. That solution
> > is running well.
> > Now I want to build in this command in one macro or directly in the file
> > rules. But I don't know how I have to do it.
> >
> > Is there someone who can explain it to me?
>
> The rule is:
>
> ACCEPT net loc:192.168.1.75 tcp 49152:65535
>
> You might also want to look at the current thread on this list with the
> subject "Resetting an event when a connection is closed", as it is
> addressing this same configuration issue.
>
> -Tom

Thanks Tom, I have already seen it, but I wasn't sure about the function "actions".

Andreas