[Shorewall-users] (no subject)

Paul Gear paulgear@bigfoot.com
Thu, 25 Apr 2002 08:44:03 +1000


Paul Gear wrote:

> Aaron Axelsen wrote:
>
> > Is there anyway to block all outgoing access to a certain ip with
> > shorewall?
>
> Add the hosts to a zone called "ban" or something like that, and set
> the policy from "all" to "ban" as DROP.

BTW, folks, this is really the best way to implement a "whitelist",
too.  Just make a zone called "wl" (or "ok", or whatever your
preference), add the hosts to it, and set the policy to ACCEPT.

The whitelist feature is just a way of condescending to people who
can't figure out their Shorewall hosts file.  Tom is a crowd-pleaser.
;-)

Paul
http://paulgear.webhop.net