On 4/1/19 1:22 AM, Bertrand Friconneau wrote: > Hi everybody, > > I've got some trouble with Shorewall about a rule. > > I want to create a rule, allowing a streaming software to connect > youtube (Open Broadcast Software). > > So, i used this script to retrieved and created the ipset record on my > Shorewall, which contains Google's ip : > https://blog.hostname.sk/2014/03/26/shorewall-filtering-imapsmtp-access-to-gmail-com-domain/ > > > The commande "shorewall show dynamic gm4il" returns all the google's ip. > So i think it's ok. > > The file "shorewall.conf" was modified : > #SAVE_IPSETS=no > SAVE_IPSETS=yes > > I tried also "SAVE_IPSETS=ipv4", same result > > The file "zones" was modified : > gm4il:net ipv4 dynamic_shared > > The file "interfaces". No modification : > net $WAN_IF detect tcpflags,nosmurfs > dmz $DMZ_IF detect routeback,nosmurfs > loc $LOC_IF detect routeback,nosmurfs > vpn $VPN_IF detect tcpflags,nosmurfs > > > The file "params" where the interfaces, vlan and some ip groups are > declared. So just the interfaces. No modification : > WAN_IF="eno1" > DMZ_IF="eno2" > VPN_IF="tun0" > LOC_IF="enp1s0f1" > ..... > > The file "hosts" was created : > gm4il $WAN_IF:dynamic > > I tried also "gm4il net:dynamic", same result > > The command "shorewall check" returns no error > > But when i restart shorewall internet is OK excepted for Google sites > which became unreachabled. > > Any idea ? >
What policies have you defined to/from the gm4il zone? -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
