On Wed, 5 Jan 2005 11:00:15 -0700 "Jamin W. Collins" <[EMAIL PROTECTED]> wrote:
> On Wed, Jan 05, 2005 at 08:36:01AM -0600, Jacob S wrote:
> >
> > I'm trying to restrict ssh access to a server so that only ips on
> > our T1 can access it. I used the following format:
> >
> > TRUSTED_CONNECTIONS="src.com.ip.xx()-svr.dst.ip.xx(:22)"
>
> <ashamed>
> It appears I never implemented that variable in the firewall script.
> I clearly see it in the firewall.conf but it is never referenced in
> the firewall script itself.
> </ashamed>

I wondered why I couldn't spot anything related to it in /etc/init.d/firewall. :-)

I looked at the code for some of the other functions in the firewall, did a man iptables and added some code to /etc/init.d/firewall. In the process, I checked iptables to see how to specify a netmask - it turns out the existing sed regexes in the script already format it properly.

It works in my tests on one of my servers (running Debian Sarge and a 2.4.26 kernel), but I did not do very extensive testing. I've attached two patches to this e-mail.

Thanks for the great firewall script, Jamin!

Jacob
Attachments: firewall.conf.patch, firewall.patch
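As an added example, not the firewall script or either patch attached to this mail: a POSIX sh function that expands a TRUSTED_CONNECTIONS string of the form quoted above into iptables commands. The entry grammar it accepts (src(ports)-dst(ports), empty parentheses meaning any port, ":22" meaning TCP port 22, a comma-separated list allowed, and a CIDR suffix accepted on either address) is my reading of the quoted example, not something the script documents; the iptables path and the RFC 5737 addresses in the comments are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the thread's firewall script or patches): expand
# TRUSTED_CONNECTIONS="SRC(PORTS)-DST(PORTS) ..." into iptables commands.
#
# Assumed entry format (my reading of the quoted example): whitespace-
# separated entries where SRC and DST are an IPv4 address or CIDR block
# and PORTS is either empty (any port) or ":" followed by a comma-separated
# list of TCP ports, e.g.
#     TRUSTED_CONNECTIONS="192.0.2.0/24()-198.51.100.7(:22)"
# (RFC 5737 documentation addresses, constructed for this example).
#
# Commands are printed rather than executed so the expansion can be read,
# or diffed against the live ruleset, before it is applied with
#     trusted_rules "$TRUSTED_CONNECTIONS" | sh

IPTABLES=${IPTABLES:-/sbin/iptables}   # assumed path

# tcp_match SPORTS DPORTS: print " -p tcp -m multiport [--sports A] [--dports B]"
# (one -p and one multiport match, whichever sides are set), or nothing when
# both port specs are empty.
tcp_match() {
    s=${1#:}
    d=${2#:}
    if [ -z "$s$d" ]; then
        return 0
    fi
    printf ' -p tcp -m multiport'
    if [ -n "$s" ]; then printf ' --sports %s' "$s"; fi
    if [ -n "$d" ]; then printf ' --dports %s' "$d"; fi
    return 0
}

# trusted_rules "ENTRIES": one ACCEPT per entry, then one DROP per
# destination/port set so hosts that are not listed cannot reach that
# service. All ACCEPTs are emitted before any DROP because iptables matches
# in order; without the DROP the ACCEPT only adds an exception on top of
# whatever the rest of the INPUT chain already allows.
trusted_rules() {
    drops=""
    for entry in $1; do
        case $entry in
            *'('*')-'*'('*')') ;;
            *) printf '# skipped malformed entry: %s\n' "$entry"; continue ;;
        esac
        # Pull the four fields out with basic regular expressions.
        src=$(printf '%s\n' "$entry" | sed 's/(.*//')
        sports=$(printf '%s\n' "$entry" | sed 's/^[^(]*(\([^)]*\)).*/\1/')
        dst=$(printf '%s\n' "$entry" | sed 's/^[^)]*)-\([^(]*\)(.*/\1/')
        dports=$(printf '%s\n' "$entry" | sed 's/.*(\([^)]*\))$/\1/')
        if [ -z "$src" ] || [ -z "$dst" ]; then
            printf '# skipped entry with empty address: %s\n' "$entry"
            continue
        fi
        printf '%s -A INPUT -s %s -d %s%s -j ACCEPT\n' \
            "$IPTABLES" "$src" "$dst" "$(tcp_match "$sports" "$dports")"
        if [ -n "${dports#:}" ]; then
            drop=$(printf '%s -A INPUT -d %s%s -j DROP' \
                "$IPTABLES" "$dst" "$(tcp_match '' "$dports")")
            drops="$drops$drop
"
        fi
    done
    # Several entries for the same service share one DROP line.
    printf '%s' "$drops" | sort -u
}
```

Run it as `trusted_rules "$TRUSTED_CONNECTIONS"` and read the output before piping it to a shell; an entry the parser cannot read is reported as a comment line rather than silently dropped, which is the failure that matters when the variable is what keeps the ssh port closed to everyone else.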