On 5/25/2020 4:36 PM, Tuomo Soini wrote:
> On Mon, 25 May 2020 08:27:17 -0400
> "Brian J. Murrell" <br...@interlinx.bc.ca> wrote:
>
>> On Mon, 2020-04-27 at 11:24 -0400, Brian J. Murrell wrote:
>>> If I have a bunch of zones defined:
>>>
>>> vpn1 ipv4
>>> vpn2 ipv4
>>> vpn3 ipv4
>
>>> Is there any way to write a single rule that covers all of those
>>> zones/hosts as a source?
>>>
>>> Something like:
>>>
>>> DNS/ACCEPT vpn* $INT_DNS
>>
>> Any thoughts on this? Not possible?
>
> First, DNS/ACCEPT is deprecated long time ago and won't work any more.
>
> This would work:
>
> DNS(ACCEPT) vpn1,vpn2,vpn3 $INT_DNS
>

Some hints:

/etc/shorewall/params:
VPN_ZONES=vpn1,vpn2,vpn3,...

/etc/shorewall/rules:
ACCEPT $VPN_ZONES $FW:@$INT_DNS tcp,udp 53

Have you seen 'Example 9:' at (1)?

We gladly accept patches if you think that could be beneficial to Shorewall.

1) https://shorewall.org/manpages/shorewall-rules.html

--
Matt Darfeuille <m...@shorewall.org>
Shorewall Project Committee, one of four core members
https://sourceforge.net/p/shorewall/mailman/message/36596609/
https://shorewall.org
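
Added example, not part of the original thread and not Shorewall project code: a small POSIX shell helper that builds the comma-separated value for VPN_ZONES from a zones file by glob, which is the effect the `vpn*` wildcard in the question was after. The function name `zones_matching` and the sample zones file are constructed for illustration.

```shell
#!/bin/sh
# zones_matching PATTERN [ZONES_FILE]
# Print a comma-separated list of the zone names in a Shorewall zones file
# that match the shell glob PATTERN (for example 'vpn*').
# Hypothetical helper written for this example.
zones_matching() {
    pattern=$1
    file=${2:-/etc/shorewall/zones}
    list=
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r zone _rest || [ -n "$zone" ]; do
        case $zone in
            ''|'#'*|'?'*) continue ;;  # blank line, comment, ?-directive
        esac
        zone=${zone%%:*}               # nested zone "child:parent" -> "child"
        case $zone in
            $pattern) list=${list:+$list,}$zone ;;  # unquoted: glob match
        esac
    done < "$file"
    printf '%s\n' "$list"
}

# Constructed sample zones file; only vpn1..vpn3 come from the thread.
SAMPLE_ZONES=$(mktemp)
cat > "$SAMPLE_ZONES" <<'EOF'
#ZONE   TYPE      OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn1    ipv4
vpn2    ipv4
vpn3    ipv4
EOF

# Value to place in /etc/shorewall/params as VPN_ZONES=...
VPN_ZONES=$(zones_matching 'vpn*' "$SAMPLE_ZONES")
echo "VPN_ZONES=$VPN_ZONES"
```

Review the generated list before putting it in params: any zone later named to match the glob would otherwise become a permitted source for the DNS rule without an explicit rule change.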