Hi all,
I'm having a play with shorewall rules, specifically using the USER column
to restrict access to a local port. If I have a rule like this...

    DROP:info fw fw tcp 1332 - - - !foo - - - - - -

...then only local user foo can connect to 1332/tcp on the server's normal
IP address. However, the rule isn't matched if they try the loopback
address instead. This isn't quite what I wanted!
I tried creating a zone of type loopback with appropriate policies and
rules, but shorewall aborted with:

    ERROR: USER/GROUP may only be specified when the SOURCE zone is $FW /etc/shorewall/rules

Any ideas on how to handle this in shorewall, short of fiddling with the
application to make sure it doesn't bind to the loopback interface,
please?
Shorewall 5.2.
Thanks,
Mark
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users