[Firehol-support] Multiple Ip Allows - Deny rest of subnet
Costa Tsaousis
costa at tsaousis.gr
Mon Dec 1 05:20:48 GMT 2003
See below
> accepted_ips="
> 192.168.2.96
> 192.168.2.42
> #192.168.2.54
> 192.168.2.66
> 192.168.2.174"
I don't think that BASH will accept this # as a comment.
You can move this list to another file (say, /etc/firehol/ips.txt) and use
this here:
accepted_ips="`cat /etc/firehol/ips.txt | grep -v '^#'`"
(copy and paste it, there are 3 kinds of quotes here)
Then put this in /etc/firehol/ips.txt
192.168.2.96
192.168.2.42
# 192.168.2.54
192.168.2.66
192.168.2.174
Note that the # has to be the first character of the line. If it is not, it
will appear in your list. No other comments are allowed in this file.
>
> router lan2internet inface eth1 outface eth0
>
> masquerade
>
> route ${accepted_ips} accept
>
Delete this. It does the same job as the one below.
>
> router internet2lan inface eth0 outface eth1
>
> masquerade reverse
>
> client all accept
>
> server ident reject with tcp-reset
>
Change the client statement to:
client all accept src "${accepted_ips}"
Done.
Costa
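
Added example, not part of the original message: a loader for the allow-list file that tolerates indented and inline comments (which the grep -v '^#' one-liner passes through into the list) and refuses to return anything that is not a plain IPv4 address. The names load_ips, is_ipv4 and write_sample are hypothetical, and the sample file is constructed.

```shell
# Added example: build accepted_ips from a file, failing closed on bad lines.
# is_ipv4 ADDR: succeed only for four dot-separated octets in 0-255.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # leading zero or too long
        [ "$o" -le 255 ] || exit 1
    done
)

# load_ips FILE: print the addresses on one line, space separated.
load_ips() (
    file=$1 n=0 out=
    [ -r "$file" ] || { echo "load_ips: cannot read $file" >&2; exit 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line%%#*}                 # strip a comment wherever the # is
        set -f; set -- $line; set +f     # split on whitespace, no globbing
        [ "$#" -eq 0 ] && continue       # blank or comment-only line
        if [ "$#" -ne 1 ] || ! is_ipv4 "$1"; then
            echo "load_ips: $file:$n: not an IPv4 address" >&2
            exit 1                       # one bad line rejects the whole list
        fi
        out="${out:+$out }$1"
    done < "$file"
    # Choice made by this example: an empty list is an error, not a rule.
    [ -n "$out" ] || { echo "load_ips: $file: empty list" >&2; exit 1; }
    printf '%s\n' "$out"
)

# Constructed sample: the list from the message plus two comment styles
# that grep -v '^#' would leave in the list.
write_sample() {
    cat > "$1" <<'EOF'
192.168.2.96
192.168.2.42   # inline comment
   # 192.168.2.54 (indented comment)

192.168.2.66
192.168.2.174
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && load_ips "$tmp"; rm -f "$tmp"
```

With these functions defined, the assignment in the message could be written as accepted_ips="$(load_ips /etc/firehol/ips.txt)" followed by a check of the exit status, so a malformed file stops the configuration instead of reaching the src parameter.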