Paul on Tue, 23 Sep 2003 03:24:50 -0400
Eric MacAdie wrote: Could you share that Shoreline script?

Do you mean the resulting iptables rules or the multiple Shorewall config files? I don't want to paste *that* many iptables rules to the list. The "policy" and "rules" files seem to be the most important Shorewall files.

These are the names of the Shorewall files that I've modified so far:

*policy*
zones
interfaces
tunnels
maclist
masq

The modifications within each file, with modifications, follow:

policy:

#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
loc       all    ACCEPT
wlan      all    ACCEPT
vpn       all    ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw        all    ACCEPT
net       all    DROP     info
all       all    REJECT   info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

zones:

#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local Networks
wlan    WLAN      wireless network
vpn     VPN       VPN through wireless
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

interfaces:

#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth1        detect      dhcp,routefilter,norfc1918
loc     eth0        detect
wlan    wlan0       detect      maclist
vpn     ipsec0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

tunnels:

# TYPE   ZONE   GATEWAY        GATEWAY ZONE   PORT
ipsec    wlan   192.168.77.1
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

maclist:

#INTERFACE   MAC                 IP ADDRESSES (Optional)
wlan0        01:D2:3E:22:F6:AA   192.168.77.13   #laptop
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

masq:

#INTERFACE   SUBNET   ADDRESS
eth1         eth0
eth1         wlan0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE