[Shorewall-users] restricting port to specific ip address

Tom Eastep teastep@shorewall.net
Mon, 15 Apr 2002 10:55:43 -0700 (Pacific Daylight Time)

On Mon, 15 Apr 2002, Eduardo Ferreira wrote:

> Hi all,
> is it possible to restrict the use of an outbound port (from loc to net)
> to a specific IP address, i.e.: if you use port xxxx you can only connect
> to IP address yyy.yyy.yyy.yyy? If it is, how do I implement it?
> TIA,

In /etc/shorewall/rules:

REJECT	loc	net:!yyy.yyy.yyy.yyy	<protocol>	<port #>

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
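
An added example, not part of the original message and not Shorewall's own code: a simplified Python model of how the rule above is evaluated. It shows that the rule only rejects, so traffic to the permitted address is then decided by the loc-to-net policy. The address 192.0.2.10, protocol tcp and port 5000 are constructed values standing in for yyy.yyy.yyy.yyy, <protocol> and <port #>; the function names and the ACCEPT default policy are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample rule in the format shown in the message.
SAMPLE_RULE = "REJECT loc net:!192.0.2.10 tcp 5000"


class Rule(NamedTuple):
    action: str
    src_zone: str
    dst_zone: str
    dst_net: Optional[ipaddress.IPv4Network]  # None means "any address in the zone"
    dst_negated: bool                         # True when the address is written as !addr
    proto: str
    port: int


def parse_rule(line: str) -> Rule:
    """Parse 'ACTION SOURCE DEST PROTO PORT', where DEST is zone[:[!]address]."""
    action, src, dst, proto, port = line.split()
    zone, _, addr = dst.partition(":")
    negated = addr.startswith("!")
    net = ipaddress.ip_network(addr.lstrip("!")) if addr else None
    return Rule(action, src, zone, net, negated, proto.lower(), int(port))


def verdict(rule, src_zone, dst_zone, dst_ip, proto, port, policy="ACCEPT"):
    """Return the rule's action if the connection matches it, else the zone policy.

    'policy' models the loc->net policy (assumed ACCEPT here).
    """
    if (src_zone, dst_zone, proto, port) != (
        rule.src_zone, rule.dst_zone, rule.proto, rule.port
    ):
        return policy  # different zones, protocol or port: rule does not apply
    if rule.dst_net is not None:
        inside = ipaddress.ip_address(dst_ip) in rule.dst_net
        # Plain address matches when inside; '!' address matches when outside.
        if inside == rule.dst_negated:
            return policy
    return rule.action


if __name__ == "__main__":
    rule = parse_rule(SAMPLE_RULE)
    for ip, port in [("192.0.2.10", 5000), ("198.51.100.7", 5000), ("198.51.100.7", 80)]:
        print(ip, port, verdict(rule, "loc", "net", ip, "tcp", port))
```

If the loc-to-net policy is not ACCEPT, the REJECT rule alone does not open the port to the permitted address; that connection still needs its own ACCEPT rule.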