[Shorewall-newbies] SOURCE in rules

Jorge Almeida jalmeida at math.ist.utl.pt
Mon Dec 8 16:08:23 PST 2003

I could use some help with the syntax for source restricting  in
Suppose that the variables SOME_IP and SOME_MAC are set in
/etc/shorewall/params (where SOME_IP is an IP number and SOME_MAC is a
hardware address in the shorewall format).  What would the following line in
/etc/shorewall/rules do?
ACCEPT	net:$SOME_IP,$SOME_MAC	fw	tcp	22

I'm assuming that a tcp connection to port 22 would be accepted if
it came from the $SOME_IP ip *OR* from the $SOME_MAC hardware address.
Am I right?
Now, suppose that I want to accept connections from a unique NIC,
identified by both its ip number *AND* its hardware address, for good
measure (call me paranoid). If $SOME_IP and $SOME_MAC correspond to the
same NIC, would the following line do the job?

ACCEPT  net:$SOME_IP:$SOME_MAC  fw      tcp     22

(All this refers to a standalone machine setup with standard

Jorge Almeida

More information about the Shorewall-newbies mailing list