[Shorewall-users] New Actions

Paulo Kappke paulo.kappke at cyclades.com
Mon Dec 1 16:44:28 PST 2003


Tom, for instance, I have in my old firewall script:

# Chain with disallowed ports:
iptables -N DENYVALID
iptables -A DENYVALID -p tcp --dport 5050 -j DENYRULES # YAHOO MESSENGER
iptables -A DENYVALID -p tcp --dport 1863 -j DENYRULES #   MSN MESSENGER

# Chain to log the disallowed ports:
iptables -N DENYRULES
iptables -A DENYRULES -j LOG --log-prefix "IPT DENYRULES: " $LOGOPT

# Rule calling the Chain to log the disallowed ports
iptables -A GOOD-BAD -j DENYVALID

Did you understand it ?

How do I do this in Shorewall ?

Thanks,
Paulo K

Tom Eastep wrote:

> On Mon, 2003-12-01 at 15:50, Paulo Kappke wrote:
> 
>>Hi, I have installed Shorewall with Webmin and they work very well.
>>
>>I have a question: can I create chains and point actions to these chains ??
>>
>>Let me explain:
>>
>>I have chains that I created for log/drop and/or log/accept those I am 
>>using in one or more chains pointed as actions.
>>
>>Is there any chance to do something similar in Shorewall ??
> 
> 
> What exactly are you trying to accomplish?
> 
> -Tom

-- 
---------------------------
Paulo Roberto Kappke
IT Manager
Cyclades Corporation
paulo.kappke at cyclades.com
Phone: +1 (510) 771-6241
Fax:   +1 (510) 771-6200
http://www.cyclades.com
Everywhere with Linux
---------------------------





More information about the Shorewall-users mailing list