Anna Jonna Armannsdottir wrote:
On þri, 2008-05-20 at 21:43 +1000, Paul Gear wrote:An alternative is to put those IP addresses in params like this:HIIS=130.208.67.0/24,130.208.68.0/22,130.208.72.0/21,130.208.96.0/19,130.208.128.0/18 and then add a rule that checks for it, e.g.: ACCEPT any:$HIIS $FW tcp 80 Or something like that.Thanks. That does it. I did not know that it is possible to define arbitrary variables in Shorewall. Then maybe I can change my policy to: $HIIS $FW ACCEPT
No -- zone names may not be qualified by an IP address list in the policy file. If you want to do that, you'll need to define the zone using the hosts file.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
