From: Tom E. <te...@sh...> - 2012-11-26 19:05:55
On 11/26/2012 10:23 AM, Aaron C. de Bruyn wrote:
> Is there an easier way to do ACLs in Shorewall?
> I am currently writing out lots of lines in the rules file that differ
> only by an IP address.
>
> Instead of writing rules like:
> SSH(ACCEPT) wan:some.ip.addr dmz tcp 22
> SSH(ACCEPT) wan:ano.ther.ip.addr dmz tcp 22
> SSH(ACCEPT) wan:home.ip.addr dmz tcp 22
>
> Can I do something like:
> #/etc/shorewall/acls
> trusted some.ip.addr
> trusted ano.ther.ip.addr
> trusted home.ip.addr
>
> #/etc/shorewall/rules
> SSH(ACCEPT) wan:trusted dmz tcp 22
>
> Am I missing something in the docs?

ipsets?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
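One way to act on the ipset suggestion, as an added example that is not part of the original thread: a shell function that turns an ACL file in the "setname address" layout proposed in the question into `ipset restore` input, refusing the whole file if any entry is malformed. The function name `acl_to_ipset`, the choice of the `hash:net` set type, and the sample addresses in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Converts an ACL file of
# "setname address" lines (the layout proposed in the question) into
# input for `ipset restore`. Fails closed: one bad line means no output.
#
# Hypothetical usage (needs root and the ipset tool):
#   acl_to_ipset /etc/shorewall/acls | ipset -exist restore
# The rules file then references the set with a leading '+':
#   SSH(ACCEPT)  wan:+trusted  dmz
acl_to_ipset() {
    awk '
    # Accept dotted-quad IPv4 with an optional /1../32 prefix.
    function valid_net(a,   parts, o, i) {
        if (a !~ /^[0-9.]+(\/[0-9][0-9]?)?$/) return 0
        if (split(a, parts, "/") == 2) {
            # Reject /0 as well: it would put every address in the ACL.
            if (parts[2] + 0 < 1 || parts[2] + 0 > 32) return 0
        }
        if (split(parts[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    NF != 2 || $1 !~ /^[A-Za-z][A-Za-z0-9_-]*$/ || !valid_net($2) {
        printf "line %d rejected: %s\n", NR, $0 > "/dev/stderr"
        bad = 1
        next
    }
    !($1 in seen) {                            # first entry of a new set
        seen[$1] = 1
        out = out "create " $1 " hash:net family inet\n"
    }
    { out = out "add " $1 " " $2 "\n" }
    END {
        if (bad) exit 1                        # print nothing on any error
        printf "%s", out
    }
    ' "$1"
}
```

With this in place, adding or removing a trusted host is a one-line change to the ACL file followed by reloading the set, and the rules file keeps a single line per service.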