Here is the file "/etc/shorewall/policy"

#SOURCE         DEST            POLICY          LOG LEVEL LIMIT:BURST
fw              all             ACCEPT
all             all             REJECT         debug



On 01/04/2019 at 16:56, Tom Eastep wrote:
On 4/1/19 1:22 AM, Bertrand Friconneau wrote:
Hi everybody,

I've got some trouble with Shorewall about a rule.

I want to create a rule allowing streaming software (Open Broadcast
Software) to connect to YouTube.

So, I used this script to retrieve and create the ipset record on my
Shorewall, which contains Google's IPs:
https://blog.hostname.sk/2014/03/26/shorewall-filtering-imapsmtp-access-to-gmail-com-domain/


The command "shorewall show dynamic gm4il" returns all of Google's IPs.
So I think it's OK.

The file "shorewall.conf" was modified :
#SAVE_IPSETS=no
SAVE_IPSETS=yes

I also tried "SAVE_IPSETS=ipv4", same result.

The file "zones" was modified :
gm4il:net    ipv4    dynamic_shared

The file "interfaces". No modification :
net     $WAN_IF       detect          tcpflags,nosmurfs
dmz     $DMZ_IF       detect          routeback,nosmurfs
loc     $LOC_IF       detect          routeback,nosmurfs
vpn     $VPN_IF       detect          tcpflags,nosmurfs


The file "params" where the interfaces, vlan and some ip groups are
declared. So just the interfaces. No modification :
WAN_IF="eno1"
DMZ_IF="eno2"
VPN_IF="tun0"
LOC_IF="enp1s0f1"
.....

The file "hosts" was created :
gm4il    $WAN_IF:dynamic

I also tried "gm4il    net:dynamic", same result.

The command "shorewall check" returns no error.

But when I restart Shorewall, internet is OK except for Google sites,
which become unreachable.

Any idea?

What policies have you defined to/from the gm4il zone?

-Tom


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
