Hi all,

I'm having a play with shorewall rules, specifically using the USER column to restrict access to a local port. If I have a rule like this...

  DROP:info fw fw tcp 1332 - - - !foo - - - - - -

...then only local user foo can connect to 1332/tcp on the server's normal IP address. However, the rule isn't matched if they try the loopback address instead. This isn't quite what I wanted!

I tried creating a zone of type loopback with appropriate policies and rules, but shorewall aborted with:

  ERROR: USER/GROUP may only be specified when the SOURCE zone is $FW /etc/shorewall/rules

Any ideas on how to handle this in shorewall, short of fiddling with the application to make sure it doesn't bind to the loopback interface, please?

Shorewall 5.2.

Thanks,

Mark


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
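
A check for the gap described in the message above, as an added example that is not part of the original post or of Shorewall: run as a local user the rule is meant to block, it tries a TCP connect to the port on each local address given and lists the addresses where the connection still succeeds. The function names, the script name `check.py`, the default address list and the address 192.0.2.10 in the usage comment are assumptions.

```python
import socket
import sys


def probe(addr, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST: no listener on this address, or a REJECT rule
    except OSError:
        return "filtered"  # timeout or unreachable, as a DROP rule would cause


def audit(addresses, port, timeout=2.0):
    """Probe the same port on every local address the service may bind to."""
    return {addr: probe(addr, port, timeout) for addr in addresses}


def unenforced(results):
    """Addresses where the blocked user still got a connection."""
    return sorted(a for a, state in results.items() if state == "open")


if __name__ == "__main__":
    # Usage (addresses are examples): check.py 1332 192.0.2.10 127.0.0.1 ::1
    if len(sys.argv) < 2:
        sys.exit("usage: check.py PORT [ADDRESS ...]")
    port = int(sys.argv[1])
    addresses = sys.argv[2:] or ["127.0.0.1", "::1"]
    results = audit(addresses, port)
    for addr, state in results.items():
        print(f"{addr:<20} {port}/tcp {state}")
    gaps = unenforced(results)
    if gaps:
        print("restriction not enforced on:", ", ".join(gaps))
    sys.exit(1 if gaps else 0)
```

Running it once as the permitted user and once as another user, with both the host address and the loopback addresses listed, shows whether the per-user restriction holds on every path to the service.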
