Shorewall Groups?

From: Jay (user_at_isp.tld)
Date: 02/28/05


Date: Mon, 28 Feb 2005 08:34:57 -0600

I have a set of 3 computers on my network that our operators use for
their job. These computers have limited internet access defined by
iptables rules I have set up. Currently, when I want to alter a rule, I
have to make the change 3 times. What I would like to do is leave the
outbound filtering up to our router (which is running Shorewall) and not
up to the computers themselves.

The easiest way (I would imagine) is to create some sort of a usergroup
in Shorewall that I could add these 3 computers as members and then
create rules for that usergroup. Any future changes I would need to
make would only need to be done once.

Therein lies my problem. I'm not too familiar with Shorewall, and I
don't know how to make a usergroup (or if it's even possible). Knowing
what I'd like to do, have any of you any suggestions on a way for me to
set this up in Shorewall? If the solution is advanced, please post it
anyway, as I'm pretty good at picking this stuff up once I see how it's
done.

Thanks in advance,
Jay


