Hi all,

I am trying to get ipsets to work, however I seem to come across a problem I don't quite understand.

I want friend nets (white zone) to be able to log into the firewall; I am using ipsets for this. I went through the ipsets Shorewall howto page, but it doesn't seem to work properly.

I've tried both a wildcard on interfaces:

    -    eth0 .....
    -    eth1 .....

and in hosts:

    net  eth0:0.0.0.0/0
    net  eth0:0.0.0.0/0

and without wildcards, in interfaces:

    net  eth0 ....
    net  eth1 ....

Common in both cases was the zones file:

    white  ipv4

and hosts:

    white  eth0:+whitehosts,+whitenets
    white  eth1:+whitehosts,+whitenets

shorewall dump shows that in the eth0_in chain the white2fw rule gets inserted below net2fw. My policy rule is net fw drop.

    -----------------------------------------------------------------------------------------
     43  3972 dynamic   all  --  *  *  0.0.0.0/0  0.0.0.0/0  state INVALID,NEW
     43  3972 smurfs    all  --  *  *  0.0.0.0/0  0.0.0.0/0  state INVALID,NEW
     19   912 tcpflags  tcp  --  *  *  0.0.0.0/0  0.0.0.0/0
    133 11532 net2fw    all  --  *  *  0.0.0.0/0  0.0.0.0/0
      0     0 white2fw  all  --  *  *  0.0.0.0/0  0.0.0.0/0  set whitehosts src
      0     0 white2fw  all  --  *  *  0.0.0.0/0  0.0.0.0/0  set whitenets sr
    -----------------------------------------------------------------------------------------

I manually did:

    iptables -I eth0_in -m set --set whitehosts src -j white2fw
    iptables -I eth0_in -m set --set whitehosts src -j white2fw

that is, inserting on top of the chain, and it all worked :-\

I include my shorewall.dump file.

Thanks in advance,
Harry.
shorewall.dump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
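The ordering problem in the post (the catch-all jump to net2fw sitting above the ipset-matching jumps to white2fw in eth0_in) is easy to miss in a long dump. The following shell check is an added example, not part of the post or of Shorewall; it reads `iptables -S <chain>` output and reports whether any set-matching white2fw rule is shadowed by an earlier net2fw jump. The sample chain listings are constructed to mirror the post's dump and its manual `iptables -I` fix.

```shell
#!/bin/sh
# Added check (not from the post): read `iptables -S <chain>` output on stdin
# and report whether the ipset-matching jumps to white2fw sit above the
# catch-all jump to net2fw. Prints one word: ok, shadowed, or none.
chain_order_status() {
  awk '
    # remember the first unconditional jump to net2fw
    /-j net2fw( |$)/ && net_line == 0 { net_line = NR }
    # count set-matching white2fw rules, and how many come after that jump
    /-m set / && /-j white2fw/ {
      total++
      if (net_line > 0) shadowed++
    }
    END {
      if (total == 0)        print "none"
      else if (shadowed > 0) print "shadowed"
      else                   print "ok"
    }
  '
}

# Constructed sample modelled on the eth0_in chain in the post: net2fw comes
# before the set rules, so whitelisted sources never reach white2fw.
SAMPLE_SHADOWED='-A eth0_in -m state --state INVALID,NEW -j dynamic
-A eth0_in -m state --state INVALID,NEW -j smurfs
-A eth0_in -p tcp -j tcpflags
-A eth0_in -j net2fw
-A eth0_in -m set --match-set whitehosts src -j white2fw
-A eth0_in -m set --match-set whitenets src -j white2fw'

# Constructed sample of the order produced by the manual `iptables -I` calls.
SAMPLE_OK='-A eth0_in -m set --match-set whitehosts src -j white2fw
-A eth0_in -m set --match-set whitenets src -j white2fw
-A eth0_in -m state --state INVALID,NEW -j dynamic
-A eth0_in -j net2fw'

# Live use on a host: iptables -S eth0_in | chain_order_status
printf '%s\n' "$SAMPLE_SHADOWED" | chain_order_status   # shadowed
printf '%s\n' "$SAMPLE_OK" | chain_order_status         # ok
```

The pattern matches both the older `--set` and the newer `--match-set` spelling of the set match, so it works against either iptables version's listing.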
