From: Norbert P. <hom...@gm...> - 2010-10-27 20:29:22
|
Oki i understood the approach, i m worried on the effects with fail2ban ... i think i will choose the vpn solution instead ... welcome openvpn, distance in france are not that huge ... lol anyway it s a real pleasure to meet gentlemen with a good knowledge on a so particular subject. 2010/10/27 Harry Lachanas <gr...@fr...> > On 10/26/2010 06:41 PM, Norbert Penel wrote: > > Really thanks gentlemen > You re right, i try to open a wan port > i have investigate mac filtering and i succeed to get that in my shorewall > dump : > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 MAC 00:XX:XX:XX:XX:XX tcp dpt:22 > unfortunetly it doesn t work ... snif > > Anyway, i'll have a look on ipsets that seems to fit my need > > Do you know which shorewall service call will update the IP if this one > have change, reload or restart ? > > The nice thing about ipsets and ( iptables -> shorewall ) is that after > updating your ipsets you DON'T have to reload your Firewall rules. > As a matter of fact I guess you can change the whole logic of your FW rules > with ipsets. > I come think of it as an Object Oriented Approach. You assign attributes to > your sets in shorewall and clients - client/sets into your ipsets. > Is this Perfect ??? Or Is it Perfect ?? > Cheers. > Harry > > > > > > > ------------------------------------------------------------------------------ > Nokia and AT&T present the 2010 Calling All Innovators-North America > contest > Create new apps & games for the Nokia N8 for consumers in U.S. and Canada > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in > marketing > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store > http://p.sf.net/sfu/nokia-dev2dev > _______________________________________________ > Shorewall-users mailing list > Sho...@li... > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > -- Norbert Penel tel : 06 33 32 32 34 |