Menu
▾
▴
Re: [Shorewall-users] DNAT makes both ports (redirectee + redirected) accessible
|
From: Tom E. <te...@sh...> - 2005-09-12 19:58:20
|
Costantino wrote: > > Costantino wrote: >> >> While with Shorewall 2.2.1 the above rule allows access only to >> port 4412, with Shorewall 2.4.3 both port 22 and 4412 are accessible. >> Is that the intended behaviour with that version? > > No -- what does "shorewall show capabilities" output look like? > Sorry -- I was thinking about IP mapping, not port mapping. If your system only has a single interface, there is no way using standard Shorewall configuration features (in any Shorewall version) to block access to 192.168.2.21:22 if you have the rule that you quote in your original post. That technique will only work on a two-interface system as described in the answer to FAQ 1e. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ te...@sh... PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key |