[Shorewall-users] restricting port to specific ip address

Eduardo Ferreira duda@icatu.com.br
Mon, 15 Apr 2002 14:58:09 -0300



Tom,

worked like magic.  thanks a lot...





Tom Eastep <teastep@shorewall.net>
Sent by: shorewall-users-admin@shorewall.net
15/04/2002 14:55

 
        To:     Eduardo Ferreira <duda@icatu.com.br>
        cc:     "shorewall-users@shorewall.net" <shorewall-users@shorewall.net>
        Subject:        Re: [Shorewall-users] restricting port to specific ip address


On Mon, 15 Apr 2002, Eduardo Ferreira wrote:

> Hi all,
>
> is it possible to restrict the use of an outbound port (from loc to net)
> to a specific ip address, i.e.:  if you use port xxxx you can only connect
> to ip address yyy.yyy.yyy.yyy? if it is, how do I implement it?
>
> TIA,

In /etc/shorewall/rules:

REJECT           loc             net:!yyy.yyy.yyy.yyy <protocol>  <port #>

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users


