Probably something silly I'm doing but I don't see it for the moment.
I had rules:
DNAT schl pinet:${Pinet}.1 tcp ssh - ${Schlnet}.129
DNAT schl pinet:${Pinet}.1 tcp 5900 - ${Schlnet}.129
plus another 7 pairs with consecutive destination and original
destination addresses.
I needed to add an http rule and expand it to 16 IP addresses, so I
wrote a macro.Pi:
PARAM - - tcp 5900:5909 - -
PARAM - - tcp ssh - -
PARAM - - tcp http - -
and replaced all the former rules by 16 after the fashion:
Pi(DNAT) schl pinet:${Pinet}.1 - - - ${Schlnet}.129
(I generalised the VNC port while I was at it.)
Connections utilising those rules were then refused. I don't see why.
Perhaps this would be a classic use case for IPsets.
Regards - Philip
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users