Thanks, works perfectly. With regards Ivica Glavocic
LaserLine mail poruka On 9.1.2015. 15:11, Simon Hobson wrote: > Ivica Glavocic <[email protected]> wrote: > >> Is it possible to group those Internet CIDR networks in FROM part of >> the rule and use group name so that rules are clear? > Yes, use the params file. You can do things like this : > > params : > OfficeLan=192.168.1.0/24,10.0.2.0/24 > WiFiLan-192.168.17.0/24 > Lans=$OfficeLan,$WiFiLan > MXs=192.168.1.34,192.168.1.56 > > Then in rules : > > HTTP/ALLOW int:$Lans ext > SMTP/ALLOW ext int:$MXs > > > At work we had problems with massive attacks from China against some of our > servers. To sit down and enter a long list of subnets into the firewall GUI > would have been a complete PITA. INstead I put them in the params file on the > border routers - still something like 2 screens worth of solid numbers ! - > and did something like : > HTTP/DROP ext:$China int:$WebServers > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming! The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
