[Shorewall-users] Excluding clients from rules

Tom Eastep teastep@shorewall.net
Tue, 15 Jan 2002 07:25:00 -0800


Hello Christian,

On Tuesday 15 January 2002 07:07 am, Christian Lox wrote:
> Hi everyone!
>
> First: Thanks for all the work on this great project.
> I am playing around with it the whole day, but one question remains
> (for now!)...
>
> Is set up a rule as described in the documentation to forward all
> outgoing http traffic to our Squid.
> ACCEPT    local   fw::3128     tcp     80      -       all
>
> This works just fine, but I have to exclude some clients from this
> (IPs are in the local range).
>
> Any help appreciated!

The only way that I can think of for you to do that with Shorewall is to=20
place these clients in their own zone and you MUST make that zone disjoin=
t=20
from your local zone. I would need to change the structure of chains that=
=20
Shorewall places in the nat table in order for it to work with overlappin=
g=20
zones.

Sorry,
-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net