But I was asking on how to restrict SSH to only answer on one of my LIVE ips and for shorewall to ONLY allow ssh connections on that LIVE ip. Due to me only being on a dynamic IP (my DSL provider is a real PIG they force change my IP every 2 days) I can't restrict SSH to a fixed IP.
I have absolutely no idea what you mean by LIVE IP. I can point out however that the answer to FAQ #2 shows you now to determine the current IP address of an interface and then use that IP address in a rule.
And the reason that ORIGINAL DEST is only needed in DNAT -- when you are doing DNAT, there are two destinations; the ORIGINAL DESTINATION and the FINAL DESTINATION. In all other cases, the destination isn't changed by the rule so there is only one and you specify it (obsurely) in the DEST(INATION) column.
And I do know of the shorewall site. But I think I do this time have a valid question in relation to upgrading from 1.3 to 1.4?
Your wesite says If you already have a running Bering installation and wish to upgrade to a later version of Shorewall: UNDER CONSTRUCTION...
That worried ME even more... Is it a timing issue on getting the documentation done or is it a little more complicated?
a) I don't run Bering.
b) I will never run Bering.
c) No one that runs Bering has stepped forward to write this section even though I've asked on the list.
d) Therefore, I have concluded that either no one knows how to do it or no one care's enough to let other know how to do it.
-Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
