Hi there i'm using leaf-bering-1.2 as a firewall and masquerading for a smallhome network and works fine
i'm using DNAT so that one host gets all the packets that arrive at certain ports on the external interface of the firewall (for bittorentclient) right now i have the bittorent client doing all the ip filtering, so that it will refuse establishing connection to international hosts (very strict international download limits) since i want to change to another client program -- which doesn't do any filtering -- i would like to know if it's possible to do it with BERING? that is, i want to be able to check the destination (for outgoing traffic) and source addresses (for incoming) of all the packets that arrive at certain destination ports and drop all those addresses that don't belong to the list of national addresses (BIG LIST) something like (in /etc/shorewall/rules): DENY loc:192.168.1.3 net:!(1.1.1.0/32,4.0.0.0/8,...) tcp shh DNAT net:1.1.1.0/32,4.0.0.0/8,... loc:192.168.1.3 tcp ssh can anyone help me? thanks in advance vasco -- Adira já ao Net Dialup Light. Acesso profissional gratuito. NovisNet, a Internet de quem trabalha. http://www.novisnet.pt ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html