Anna Jonna Armannsdottir wrote: > Hi folks! > > I am learning how to use Shorewall and it has been a nice experience. > > > My University has a range of IP numbers, under the same domain. They > have been named hiis after the domain name. This is done in the hosts > file. > > My problem is that I can not avoid using the hosts configuration. > > My Question is: Is it possible to achieve this without using the > hosts configuration? > ... > #ZONE HOST(S) OPTIONS > hiis > eth2:130.208.67.0/24,130.208.68.0/22,130.208.72.0/21,130.208.96.0/19,130.208.128.0/18 > \ > tcpflags > any eth2:0.0.0.0/0 tcpflags
An alternative is to put those IP addresses in params like this: HIIS=130.208.67.0/24,130.208.68.0/22,130.208.72.0/21,130.208.96.0/19,130.208.128.0/18 and then add a rule that checks for it, e.g.: ACCEPT any:$HIIS $FW tcp 80 Or something like that. On my systems, i prefer to see it defined as a zone, because it's a lot more flexible. Most of the time, i define all of my zones in hosts and leave interfaces empty. Paul ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
