Tips

Shorewall - Open ports for specific IP

ACCEPT          net:202.202.202.1   $FW                   tcp     ssh

ACCEPT          net:202.202.202.1   $FW                   tcp     ftp

------------

Edit /etc/shorewall/rules and add rules like these (the rules below open a handful of admin ports to two trusted addresses and one /23, and port 80 to everyone):

#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION    SOURCE                 DEST    PROTO    DEST     SOURCE     ORIGINAL    RATE     USER/    MARK    CONNLIMIT    TIME
#                                                  PORT     PORT(S)    DEST        LIMIT    GROUP
ACCEPT     net:92.119.205.137     fw      tcp      22
ACCEPT     net:92.119.205.137     fw      tcp      5900
ACCEPT     net:92.119.205.137     fw      tcp      3389
ACCEPT     net:92.119.205.137     fw      tcp      7001
ACCEPT     net:92.119.205.137     fw      tcp      1521
ACCEPT     net:192.168.1.3        fw      tcp      22
ACCEPT     net:192.168.1.3        fw      tcp      5900
ACCEPT     net:192.168.1.3        fw      tcp      3389
ACCEPT     net:192.168.1.3        fw      tcp      7001
ACCEPT     net:192.168.1.3        fw      tcp      1521
ACCEPT     net                    fw      tcp      80
ACCEPT     net:64.240.160.0/23    fw      tcp      22       # whole 64.240.160.0/23 range allowed
#SECTION ESTABLISHED
#SECTION RELATED
INCLUDE    rules.drakx
#LAST LINE -- DO NOT REMOVE

This means:

- ports 22, 5900, 3389, 7001 and 1521 are open to the internet address 92.119.205.137 only

- the same five ports are open to the local address 192.168.1.3

- port 80 is open to every address on the internet

- port 22 is additionally open to the whole 64.240.160.0/23 range

Note that the internet address and the LAN address are both matched in the same zone, net, because no loc zone is declared on this system. If your LAN interface does have its own loc zone, the 192.168.1.3 rules must be written as loc:192.168.1.3, otherwise they never match (the SOURCE zone must be the zone the packet actually arrives from).

Shorewall separates columns with whitespace, so any run of spaces or tabs works; what you must not do is leave a middle column empty. Put "-" in a column you want to skip (for example in DEST PORT when you only want to restrict SOURCE PORT(S)), or the following values shift left into the wrong column and the rule silently means something else.
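An easy way to catch the two mistakes above (a shifted column, and a rule that accidentally opens an admin port to all of net) is to audit the rules file before restarting. The script below is an added example written for this page, not part of Shorewall; it parses only the first five columns (ACTION, SOURCE, DEST, PROTO, DEST PORT), skips comments, SECTION and INCLUDE lines, and treats a SOURCE of "net" or "all" without an address as world-open. The embedded sample is the rules from this page plus three constructed lines (a world-open SSH rule, a rule with "-" in DEST PORT, and a DNAT of RDP) so that the findings are visible; the list of "sensitive" ports is an assumption chosen to match the ports on this page.

```python
"""Audit a Shorewall 4 rules file for admin ports exposed to the whole net zone.

Added example for this page; it is not Shorewall's own tooling and only
understands the leading columns ACTION SOURCE DEST PROTO DEST-PORT.
"""
from dataclasses import dataclass

# Constructed sample: the page's rules plus three deliberate problems (marked).
SAMPLE_RULES = """\
#ACTION   SOURCE                DEST   PROTO   DEST   SOURCE
#                                              PORT   PORT(S)
SECTION NEW
ACCEPT    net:92.119.205.137    fw     tcp     22
ACCEPT    net:92.119.205.137    fw     tcp     5900
ACCEPT    net:192.168.1.3       fw     tcp     22
ACCEPT    net                   fw     tcp     80
ACCEPT    net:64.240.160.0/23   fw     tcp     22     # whole /23 allowed
ACCEPT    net                   fw     tcp     22     # constructed: SSH open to the world
ACCEPT    net                   fw     udp     -      123   # constructed: "-" means ANY dest port
DNAT      net                   loc:192.168.1.10   tcp   3389   # constructed: RDP forwarded from the world
INCLUDE   rules.drakx
#LAST LINE -- DO NOT REMOVE
"""

# Assumption: actions that let traffic through, and ports we never want world-open.
EXPOSING_ACTIONS = {"ACCEPT", "DNAT", "REDIRECT"}
SENSITIVE_TCP = {"22": "ssh", "3389": "rdp", "5900": "vnc", "1521": "oracle", "7001": "weblogic"}


@dataclass(frozen=True)
class Rule:
    action: str
    source: str
    dest: str
    proto: str
    dports: tuple  # () when the DEST PORT column is "-" or absent (= any port)


def split_source(source):
    """'net:92.119.205.137' -> ('net', '92.119.205.137'); 'net' -> ('net', None)."""
    zone, _, hosts = source.partition(":")
    return zone, (hosts or None)


def parse_rules(text):
    """Parse rule lines; comments, SECTION/INCLUDE/?directives are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # trailing comments are allowed by Shorewall
        if not line:
            continue
        cols = line.split()  # columns are whitespace separated (spaces or tabs)
        head = cols[0].upper()
        if head.startswith("?") or head in ("SECTION", "INCLUDE", "FORMAT"):
            continue
        if len(cols) < 3:
            raise ValueError(f"malformed rule, need at least ACTION SOURCE DEST: {raw!r}")
        cols += ["-"] * (5 - len(cols))  # missing trailing columns mean "-"
        action = cols[0].split(":", 1)[0].upper()  # 'ACCEPT:info' -> 'ACCEPT'
        dports = tuple(cols[4].split(",")) if cols[4] != "-" else ()
        rules.append(Rule(action, cols[1], cols[2], cols[3].lower(), dports))
    return rules


def is_world_open(rule):
    """True when SOURCE is the whole net/all zone rather than specific addresses."""
    zone, hosts = split_source(rule.source)
    if hosts is None:
        return zone in ("net", "all")
    return any(h in ("0.0.0.0/0", "::/0") for h in hosts.split(","))


def exposure(rules):
    """Map (proto, port) -> sorted list of SOURCE values allowed to reach it."""
    table = {}
    for r in rules:
        if r.action not in EXPOSING_ACTIONS:
            continue
        for p in r.dports:
            table.setdefault((r.proto, p), set()).add(r.source)
    return {k: sorted(v) for k, v in table.items()}


def audit(text):
    """Return human-readable findings for world-open rules worth a second look."""
    findings = []
    for r in parse_rules(text):
        if r.action not in EXPOSING_ACTIONS or not is_world_open(r):
            continue
        if not r.dports:  # "-" in DEST PORT: every port of that protocol
            findings.append(f"{r.action} from {r.source} opens every {r.proto} port")
        for p in r.dports:
            if r.proto == "tcp" and p in SENSITIVE_TCP:
                findings.append(
                    f"{SENSITIVE_TCP[p]} (tcp/{p}) open to {r.source}; restrict SOURCE to net:<address>")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print("FINDING:", f)
    for (proto, port), sources in sorted(exposure(parse_rules(SAMPLE_RULES)).items()):
        print(f"{proto}/{port}: {', '.join(sources)}")
```

Run it against your real file with `audit(open("/etc/shorewall/rules").read())`; a finding for port 80 never appears because 80 is meant to be public here, while the constructed SSH, RDP and "any udp port" lines are all reported.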

Finally, restart Shorewall for the changes to take effect. It is worth running "shorewall check" first: it compiles the configuration without loading it, so a typo or a shifted column is reported instead of leaving you with a firewall that fails to start.

shorewall check

service shorewall restart
