In /etc/shorewall/interfaces you probably want something along the
following lines:

    #ZONE   INTERFACE   BROADCAST   OPTIONS
    loc     eth0        detect      dhcp
    net     eth1        detect      norfc1918,blacklist

In /etc/shorewall/policy you probably have a line that looks like:

    loc     net     ACCEPT

If so, all traffic from loc to the internet will automatically be
accepted, so you won't need an accept rule just for 192.168.6.2

Now if you don't have the above policy on purpose, then the following
rule in /etc/shorewall/rules will accomplish the same thing for that
one IP:

    ACCEPT  loc:192.168.63.2  all  all

But you probably don't want a rule such as:

    ACCEPT  net:215.162.1.22  all  all

On Mon, 2007-01-15 at 10:05 -0700, Graziano wrote:
> Thank you
>
> I have
> RFC1918_STRICT=No
> RFC1918_LOG_LEVEL=alert
>
> what to do to leave RFC1918 only on the external ?
>
> And , please how to allow an ip fully ?
>
> are these rules ok ?
>
> ACCEPT loc:192.168.63.2 all all (for internal ip)
> ACCEPT net:215.162.1.22 all all (for external ip)
>
> Thank you!
>
> > I just looked at your log snippet closer, it is being dropped because
> > you have the norfc1918 option set in shorewall/interfaces.
> >
> > If eth0 is your internal (loc) interface, remove that option from that
> > interface, it is ok to leave it on the external (net) interface.
> >
> >
> > On Mon, 2007-01-15 at 06:51 -0700, Graziano wrote:
> >
> >> Hello
> >>
> >> I have my shorewall log full of these
> >>
> >> Jan 15 02:11:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> >> MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2
> >> DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14102 PROTO=UDP
> >> SPT=20060 DPT=623 LEN=20
> >>
> >> I wish to allow 192.168.63.2 to remove these droppings . How to do that
> >> ? I can see a blacklist files but I cannot see a whitelist file
> >> I suppose I have to write something on rule , but I am not sure .
> >>
> >> Anyone can tell me how to do that ?
> >>
> >> Thanks
> >>
> >>

--
Bryan Vukich
Network Administrator
The Olson Company
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
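
To confirm which interface the rfc1918 drops arrive on before editing /etc/shorewall/interfaces, the log entries can be tallied by interface and source address. This is an added example, not part of the original thread or of Shorewall itself; it assumes eth0 is the internal (loc) interface as in the reply above, and every sample log line except the first is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input: line 1 is the entry quoted in the thread, the rest are made up.
SAMPLE_LOG = """\
Jan 15 02:11:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14102 PROTO=UDP SPT=20060 DPT=623 LEN=20
Jan 15 02:12:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=192.168.63.2 DST=255.255.255.255 PROTO=UDP SPT=20060 DPT=623
Jan 15 02:13:07 hostname kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT= SRC=10.9.8.7 DST=203.0.113.5 PROTO=TCP SPT=4000 DPT=22
Jan 15 02:13:09 hostname kernel: Shorewall:net2all:DROP:IN=eth1 OUT= SRC=198.51.100.20 DST=203.0.113.5 PROTO=TCP SPT=4001 DPT=445
Jan 15 02:14:00 hostname sshd[812]: unrelated line
"""

# Assumption taken from the thread: eth0 is the internal (loc) interface.
INTERNAL_IFACES = {"eth0"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[^:\s]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # the value may be empty, as in "OUT= "


def parse_line(line):
    """Return chain, verdict and KEY=value fields of one Shorewall log line, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    return {"chain": m["chain"], "verdict": m["verdict"], **dict(FIELD.findall(m["rest"]))}


def rfc1918_drops(log_text):
    """Count packets dropped by the rfc1918 chain, keyed by (interface, source)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["chain"] == "rfc1918" and rec["verdict"] == "DROP":
            counts[(rec.get("IN", ""), rec.get("SRC", ""))] += 1
    return counts


def internal_hits(counts, internal_ifaces=INTERNAL_IFACES):
    """Internal interfaces on which norfc1918 is dropping RFC 1918 source addresses."""
    hits = set()
    for iface, src in counts:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # missing or malformed SRC field
        if iface in internal_ifaces and any(addr in net for net in RFC1918):
            hits.add(iface)
    return sorted(hits)
```

Any interface returned by internal_hits() is one where norfc1918 is set on the internal side; drops counted on eth1 are the option working as intended on the external interface.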
