[Shorewall-users] Excluding clients from rules
Wed, 16 Jan 2002 23:40:00 +0100
Why can't he just put a REJECT or a DROP rule (or, for surrounding squid,
another ACCEPT rule) above his ACCEPT rule for http ports, since rules are
processed until the first matching one is found, AFAIK?
At 07:25 15.01.2002 -0800, Tom Eastep wrote:
>On Tuesday 15 January 2002 07:07 am, Christian Lox wrote:
> > Hi everyone!
> > First: Thanks for all the work on this great project.
> > I am playing around with it the whole day, but one question remains
> > (for now!)...
> > I set up a rule as described in the documentation to forward all
> > outgoing http traffic to our Squid.
> > ACCEPT local fw::3128 tcp 80 - all
> > This works just fine, but I have to exclude some clients from this
> > (IPs are in the local range).
> > Any help appreciated!
>The only way that I can think of for you to do that with Shorewall is to
>place these clients in their own zone and you MUST make that zone disjoint
>from your local zone. I would need to change the structure of chains that
>Shorewall places in the nat table in order for it to work with overlapping
>Tom Eastep \ A Firewall for Linux 2.4.*
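The distinction the reply glosses over is where the redirect lives: a transparent Squid redirect is a nat-table PREROUTING rule, so an exception has to be placed ahead of it in that same chain; an ACCEPT or REJECT in the filter table is evaluated too late to stop the redirect. The fragment below is an added illustration at the plain iptables level, not Shorewall's own code or rules-file syntax; the LAN interface, network, excluded client address and Squid port are assumed values.

```shell
# Added example, not from the thread or from Shorewall. All values are
# assumed: LAN interface eth1, excluded client 192.168.1.5, Squid on 3128.
LAN_IF=eth1
EXCLUDE="192.168.1.5"
SQUID_PORT=3128

# Print the nat rules in the order they must be applied. In the nat table
# an ACCEPT ends traversal for that connection, so a client matched by the
# exclusion never reaches the REDIRECT that follows it. This only emits
# commands, so the list can be reviewed before being run as root.
emit_nat_rules() {
    for ip in $EXCLUDE; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# Check the generated order: every exclusion must precede the REDIRECT.
# Returns 0 when the order is right, 1 when an ACCEPT comes after it.
exclusion_precedes_redirect() {
    emit_nat_rules | awk '
        /-j ACCEPT/   { if (seen_redirect) bad = 1 }
        /-j REDIRECT/ { seen_redirect = 1 }
        END { exit bad ? 1 : 0 }'
}

# Apply (as root):  emit_nat_rules | sh
# Confirm the live order afterwards:
#   iptables -t nat -L PREROUTING -n --line-numbers
```

Within Shorewall the same ordering applies to the rules file entries that end up in the nat chains, which is why an exception expressed only as a filter-table ACCEPT does not exclude the client from the redirect.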