[Shorewall-users] (no subject)
Thu, 25 Apr 2002 08:44:03 +1000
Paul Gear wrote:
> Aaron Axelsen wrote:
> > Is there anyway to block all outgoing access to a certain ip with
> > shorewall?
> Add the hosts to a zone called "ban" or something like that, and set
> the policy from "all" to "ban" as DROP.
BTW, folks, this is really the best way to implement a "whitelist",
too. Just make a zone called "wl" (or "ok", or whatever your
preference), add the hosts to it, and set the policy to ACCEPT.
The whitelist feature is just a way of condescending to people who
can't figure out their Shorewall hosts file. Tom is a crowd-pleaser.