Hello,
I'm new to shorewall. I am running shorewall on my openSUSE Linux PC
which connects to the Internet through a Draytek router. There are other
machines in the house using the same router but 'outside' this firewall,
and I want some of them to be able to access a web2py server on port
8081 running on the desktop PC which is running the firewall (ie. they
will connect through the LAN).
I have added the MAC addresses of these machines to
/etc/shorewall/maclist but they still get rejected.
/etc/shorewall/zones contains these lines
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
/etc/shorewall/interfaces contains
#ZONE INTERFACE OPTIONS
net eth0 maclist
/etc/shorewall/policy contains
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
$FW net ACCEPT
net all DROP info
all all REJECT info
/etc/shorewall/rules contains
?SECTION NEW
ACCEPT net $FW tcp 8197
Rsync(ACCEPT) net $FW
ACCEPT net $FW tcp 8081
Ping(DROP) net all
and /etc/shorewall/maclist contains
#DISPOSITION INTERFACE MAC IP ADDRESSES
(Optional)
ACCEPT eth0 B4-CE-F6-9D-30-D5 192.168.1.12
ACCEPT eth0 44-1E-A1-F9-5F-18
ACCEPT eth0 00-22-5F-04-6F-06
ACCEPT eth0 00-21-9B-DB-45-D4
ACCEPT eth0 E8-99-C4-8E-BC-A5
ACCEPT eth0 5C-E0-C5-B7-3F-3B
ACCEPT eth0 76-2C-D8-7B-BC-50
Do you need any other information? Log file?
Many thanks,
Bob
--
Bob Williams
System: Linux 4.1.20-11-default
Distro: openSUSE 42.1 (x86_64)
Desktop: KDE Frameworks: 5.21.0, Qt: 5.5.1 and Plasma:
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
