[Shorewall-newbies] SOURCE in rules
Francesca C Smith
fsmith at ladylinux.com
Mon Dec 8 13:20:47 PST 2003
On Mon, 2003-12-08 at 11:08, Jorge Almeida wrote:
> I could use some help with the syntax for source restricting in
> Suppose that the variables SOME_IP and SOME_MAC are set in
> /etc/shorewall/params (where SOME_IP is an IP number and SOME_MAC is a
> hardware address in the shorewall format). What would the following line in
> /etc/shorewall/rules do?
> ACCEPT net:$SOME_IP,$SOME_MAC fw tcp 22
> I'm assuming that a tcp connection to port 22 would be accepted if
> it came from the $SOME_IP ip *OR* from the $SOME_MAC hardware address.
> Am I right?
> Now, suppose that I want to accept connections from a unique NIC,
> identified by both its ip number *AND* its hardware address, for good
> measure (call me paranoid). If $SOME_IP and $SOME_MAC correspond to the
> same NIC, would the following line do the job?
> ACCEPT net:$SOME_IP:$SOME_MAC fw tcp 22
> (All this refers to a standalone machine setup with standard
I am not sure if you can combine both an IP and a MAC address in a rule
together .. But two things might work .. And I will ask others to
1: Use two rules
ACCEPT net:~some_mac fw tcp 22
ACCEPT net:some_ip fw tcp 22
Note: MAC rules need the "~" before them for shorewall to work right.
2. Use the maclist functionality to do this ..
Look Here For Details ..
The latter link seems to be a bit hard to find .. But the shorewall
documentation is being improved ..
No Problems Only Solutions
Lady Linux Internet Services
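
The following is an added example, not part of the original post and not Shorewall code: a simplified Python model of how two separate ACCEPT rules (one per source) behave compared with a check that requires the IP and the MAC to match together, which is what the question asks for. The addresses and all function names are constructed for illustration, and IP matching is exact-address only.

```python
import re

# Constructed sample values standing in for $SOME_IP and $SOME_MAC.
SOME_IP = "192.0.2.10"
SOME_MAC = "00:a0:c9:15:39:78"


def shorewall_mac(mac):
    """Normalise a MAC to the rules-file form: '~' plus hyphen-separated hex."""
    octets = re.split(r"[:-]", mac.lstrip("~"))
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "~" + "-".join(o.upper() for o in octets)


def host_matches(spec, ip, mac):
    """A spec starting with '~' is compared to the MAC, anything else to the IP."""
    if spec.startswith("~"):
        return shorewall_mac(mac) == shorewall_mac(spec)
    return ip == spec


def two_rules_accept(rule_sources, ip, mac):
    """One ACCEPT rule per source: the first rule that matches accepts (OR)."""
    return any(host_matches(spec, ip, mac) for spec in rule_sources)


def paired_accept(pairs, ip, mac):
    """Pairing check: the MAC must be known and the IP must be the one bound to it (AND)."""
    return pairs.get(shorewall_mac(mac)) == ip


def compare(ip, mac):
    """Return (two-rule verdict, paired verdict) for one connection attempt."""
    rules = [shorewall_mac(SOME_MAC), SOME_IP]
    pairs = {shorewall_mac(SOME_MAC): SOME_IP}
    return two_rules_accept(rules, ip, mac), paired_accept(pairs, ip, mac)


if __name__ == "__main__":
    attempts = [
        ("expected NIC", SOME_IP, SOME_MAC),
        ("right IP, other MAC", SOME_IP, "00:11:22:33:44:55"),
        ("other IP, right MAC", "198.51.100.7", SOME_MAC),
        ("neither", "198.51.100.7", "00:11:22:33:44:55"),
    ]
    for label, ip, mac in attempts:
        print(f"{label:22} two rules={compare(ip, mac)[0]!s:5} paired={compare(ip, mac)[1]}")
```
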