From: Harry L. <gr...@fr...> - 2008-12-24 14:31:32
Hi all,

I am trying to get ipsets to work, however I seem to come across a problem I don't quite understand. I want friend nets (white zone) to be able to log into the firewall; I am using ipsets for this. I went through the ipsets Shorewall howto page, but it doesn't seem to work properly.

I've tried both wildcards on interfaces:

    - eth0 .....
    - eth1 .....

and in hosts:

    net eth0:0.0.0.0/0
    net eth0:0.0.0.0/0

and without wildcards, interfaces:

    net eth0 ....
    net eth1 ....

Common in both cases was the zones file:

    white ipv4

hosts:

    white eth0:+whitehosts,+whitenets
    white eth1:+whitehosts,+whitenets

shorewall dump shows that in the eth0_in chain the white2fw rule gets inserted below the net2fw. My policy rule is net fw drop.

    -----------------------------------------------------------------------------------
     43  3972 dynamic   all  --  *  *  0.0.0.0/0  0.0.0.0/0  state INVALID,NEW
     43  3972 smurfs    all  --  *  *  0.0.0.0/0  0.0.0.0/0  state INVALID,NEW
     19   912 tcpflags  tcp  --  *  *  0.0.0.0/0  0.0.0.0/0
    133 11532 net2fw    all  --  *  *  0.0.0.0/0  0.0.0.0/0
      0     0 white2fw  all  --  *  *  0.0.0.0/0  0.0.0.0/0  set whitehosts src
      0     0 white2fw  all  --  *  *  0.0.0.0/0  0.0.0.0/0  set whitenets sr
    -----------------------------------------------------------------------------------

I manually did

    iptables -I eth0_in -m set --set whitehosts src -j white2fw
    iptables -I eth0_in -m set --set whitehosts src -j white2fw

that is, inserting on top of the chain ..... and it all worked :-\ ........

I include my shorewall.dump file.

Thanks in advance,
Harry.
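The ordering problem visible in the eth0_in dump above, as an added check that is not part of the original post or of Shorewall: a shell script that reads rule lines in "iptables -nvL" layout and tells whether the ipset-matched zone jumps sit above the catch-all net2fw jump (the sample chain is constructed from the dump quoted in the post; function names are the example's own).

```bash
#!/usr/bin/env bash
# Added example (not from the original post or from Shorewall): check whether the
# ipset-matched zone jumps in an interface chain sit above the catch-all zone jump.
# Input: rule lines in "iptables -nvL <chain>" layout
#   pkts bytes target prot opt in out source destination [match ...]

# Constructed sample modelled on the eth0_in dump quoted in the post.
sample_eth0_in='43 3972 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
43 3972 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
19 912 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
133 11532 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 white2fw all -- * * 0.0.0.0/0 0.0.0.0/0 set whitehosts src
0 0 white2fw all -- * * 0.0.0.0/0 0.0.0.0/0 set whitenets src'

# rule_pos RULES TARGET: 1-based line of the first rule jumping to TARGET, 0 if none.
rule_pos() {
    printf '%s\n' "$1" | awk -v t="$2" \
        '$3 == t { print NR; found = 1; exit } END { if (!found) print 0 }'
}

# set_rules_reachable RULES CATCHALL: succeeds when every "set <name> src" rule
# (a hosts-file ipset zone) precedes the first jump to CATCHALL (e.g. net2fw).
# iptables walks a chain top-down, so a set rule below an unconditional jump to
# another zone never sees the packets it was meant to classify.
set_rules_reachable() {
    local rules="$1" catchall="$2" catch_pos last_set
    catch_pos=$(rule_pos "$rules" "$catchall")
    [ "$catch_pos" -eq 0 ] && return 0      # no catch-all jump, nothing can shadow
    last_set=$(printf '%s\n' "$rules" | awk '/ set [^ ]+ src/ { n = NR } END { print n + 0 }')
    [ "$last_set" -eq 0 ] && return 0       # no ipset rules to check
    [ "$last_set" -lt "$catch_pos" ]
}

# model_insert_at_top RULES: the chain as it looks after the "iptables -I"
# workaround from the post, i.e. with the set rules moved to the head of the chain.
model_insert_at_top() {
    printf '%s\n' "$1" | awk '/ set [^ ]+ src/ { print; next } { rest = rest $0 "\n" }
                             END { printf "%s", rest }'
}

if set_rules_reachable "$sample_eth0_in" net2fw; then
    echo "eth0_in: ipset zone rules are reachable"
else
    echo "eth0_in: white2fw set rules sit below net2fw and are shadowed"
fi
```

Feed it the real chain with `iptables -nvL eth0_in | tail -n +3` to run the same check against a live ruleset.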