[Shorewall-users] Excluding clients from rules
Tue, 15 Jan 2002 07:25:00 -0800
On Tuesday 15 January 2002 07:07 am, Christian Lox wrote:
> Hi everyone!
> First: Thanks for all the work on this great project.
> I am playing around with it the whole day, but one question remains
> (for now!)...
> I set up a rule as described in the documentation to forward all
> outgoing http traffic to our Squid.
> ACCEPT local fw::3128 tcp 80 - all
> This works just fine, but I have to exclude some clients from this
> (IPs are in the local range).
> Any help appreciated!
The only way that I can think of for you to do that with Shorewall is to
place these clients in their own zone and you MUST make that zone disjoint
from your local zone. I would need to change the structure of chains that
Shorewall places in the nat table in order for it to work with overlapping
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
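
One way to work out address ranges for two disjoint zones when the exempted clients sit inside the local range, as an added example (not part of the original thread and not Shorewall code). The function names and the addresses are constructed for illustration; how the resulting ranges are entered into Shorewall's zone configuration is not shown.

```python
import ipaddress


def disjoint_zones(local_net, exempt_hosts):
    """Return (remaining_local_cidrs, exempt_cidrs) that do not overlap."""
    net = ipaddress.ip_network(local_net)
    exempt = sorted({ipaddress.ip_address(h) for h in exempt_hosts})
    for host in exempt:
        if host not in net:
            raise ValueError(f"{host} is not inside {net}")

    remaining = [net]
    for host in exempt:
        host_net = ipaddress.ip_network(f"{host}/{host.max_prefixlen}")
        next_remaining = []
        for block in remaining:
            if host_net.subnet_of(block):
                # Carve the host out of the block that contains it.
                next_remaining.extend(block.address_exclude(host_net))
            else:
                next_remaining.append(block)
        remaining = next_remaining

    exempt_nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(f"{h}/{h.max_prefixlen}") for h in exempt))
    return list(ipaddress.collapse_addresses(remaining)), exempt_nets


def zones_overlap(a_nets, b_nets):
    """True if any range in one zone overlaps a range in the other."""
    return any(a.overlaps(b) for a in a_nets for b in b_nets)


if __name__ == "__main__":
    # Constructed sample: a /24 local range with two clients that must
    # bypass the proxy redirect.
    local, exempt = disjoint_zones("192.168.1.0/24",
                                   ["192.168.1.10", "192.168.1.11"])
    print("local zone ranges: ", ", ".join(map(str, local)))
    print("exempt zone ranges:", ", ".join(map(str, exempt)))
    print("overlap:", zones_overlap(local, exempt))
```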