[Shorewall-users] Quick Start Guide (fwd)

Paul Gear paulgear@bigfoot.com
Thu, 11 Apr 2002 05:59:45 +1000

Tom Eastep wrote:

> ...
> > Also, I assume my CM is outside the fw and is thus part of the net zone,
> > but I wasn't clear how to define a rule that allowed me to get my browser
> > to connect to its IP ( to read the status info, given the
> > norfc1918 option.
> If you have that requirement then you can't use 'norfc1918'.

Someone developed a recipe for this a while back.  Put this in your
/etc/shorewall/start file:


# Insert a RETURN rule at the top of the rfc1918 chain for each address listed in $IGNORE1918
for addr in `separate_list $IGNORE1918`; do
    run_iptables -I rfc1918 -s $addr -j RETURN
done

Search the archives for an explanation of what it does.