[Shorewall-users] Errors in tos? and restricting ftp access

Tom Eastep teastep at shorewall.net
Sun Mar 27 10:12:09 PST 2005


Fred Krogh wrote:
> I promise - this time all buffers in the editor are saved!  Here
> 
> 
> mon shorewall # /etc/init.d/shorewall start
> * Starting firewall...
>   Warning: default route ignored on interface eth0
> iptables: No chain/target/match by that name
>   ERROR: Command "/sbin/iptables -t mangle -A outtos -p tcp -d 0.0.0.0/0 --dport ssh -j TOS --set-tos 16" Failed
> /sbin/runscript.sh: line 532: 14701 Terminated             /sbin/shorewall start >/dev/null                                                     [ !! ]
> 
> tos contains
>

Sounds like your kernel and/or iptables doesn't/don't support the TOS
target.

> ====== Another question
> 
> In params I have (numbers changed to protect the guilty)
> 
> # TRU Trusted IP addresses
> TRU=123.4.5.6,987.6.5.4
> 
> In rules (among other things) I have
> 
> AllowFTP        fw      net
> AllowFTP        net     fw
> 
> But I really only want to allow this access from $TRU.  Ideally I
> would like an ftp session that is initiated on the firewall to be
> allowed everywhere, but other ftp sessions to the firewall to only be
> allowed from $TRU.  How is this done?
>

Come on -- RTFM!

AllowFTP	fw		net
AllowFTP	net:$TRU	fw

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
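
One way to confirm the diagnosis above (a kernel and/or iptables without TOS target support), as an added example that is not part of the original thread or of Shorewall. The scratch chain name, the `IPTABLES` override variable and the `probe` argument are assumptions made for this example.

```shell
#!/bin/sh
# Probe whether the running kernel and iptables binary accept the TOS target
# in the mangle table. Needs root when run against the real iptables.
# IPTABLES defaults to the path in the error message above; override to test.
IPTABLES=${IPTABLES:-/sbin/iptables}

# Returns 0 = TOS target usable, 1 = TOS target rejected,
#         2 = mangle table unavailable (scratch chain could not be created).
probe_tos_target() {
    probe_chain="tosprobe_$$"   # scratch chain name (constructed for this example)

    if ! $IPTABLES -t mangle -N "$probe_chain" 2>/dev/null; then
        echo "mangle table unavailable (not root, or no mangle support)" >&2
        return 2
    fi

    # Same match and target as the rule Shorewall failed on, but appended to
    # the scratch chain, which nothing jumps to, so no traffic is affected.
    if $IPTABLES -t mangle -A "$probe_chain" -p tcp -d 0.0.0.0/0 \
            --dport ssh -j TOS --set-tos 16 2>/dev/null; then
        probe_rc=0
    else
        echo "TOS target rejected by kernel and/or iptables" >&2
        probe_rc=1
    fi

    # Always remove the scratch chain again.
    $IPTABLES -t mangle -F "$probe_chain" 2>/dev/null
    $IPTABLES -t mangle -X "$probe_chain" 2>/dev/null
    return $probe_rc
}

# Run the probe only when asked to: sh tosprobe.sh probe
if [ "${1:-}" = "probe" ]; then
    probe_tos_target && echo "TOS target supported"
fi
```

A return code of 1 with a working mangle table points at the TOS target itself rather than at the `tos` file contents.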

