My network address is 192.168.5.0. My host machine is 192.168.5.1 and my client machine is 192.168.5.2. How will I enable my client to ping the internet through the terminal but restrict it from using port 80 or the browser? Below is my /etc/shorewall/policy file:

    SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT
    loc net ACCEPT
    net all DROP info

/etc/shorewall/rules file:

    DROP loc fw tcp 80

/etc/shorewall/interfaces file:

    net eth0
    loc eth1

Host Interfaces:

    eth0 - Connection to the internet
    eth1 - Local Network Connection

Please tell me if I still have to provide more details. Using the configuration above, my client is unable to ping any internet website and at the same time can't access any site from the browser.
1 Answer
On rules, when you use:

    DROP loc fw tcp 80

you're saying: disallow the local network zone (loc) from accessing port TCP/80 on zone fw. But your conf shows no zone called fw (probably you meant $FW, but that would represent the firewall machine itself). You could try something like this:

    Ping(ACCEPT) loc net
    HTTP(DROP) loc net
    HTTPS(DROP) loc net

AFAICR, shorewall adds a DROP ALL rule at the end of each chain*, so the two rules for dropping HTTP and HTTPS could be removed (because everything that isn't explicitly allowed is blocked by the final DROP ALL rule).

*This behaviour is defined in the policy file.
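To make the rules-then-policy order from the answer and its footnote concrete, here is a small model added as an illustration (not Shorewall's own code). It parses the question's policy and rules lines, flags the undefined `fw` zone, and shows that the explicit HTTP/HTTPS drops are only redundant when the loc-to-net policy is DROP rather than the ACCEPT in the question; the ICMP "port" and the three-macro table are simplifications.

```python
"""Toy model of how Shorewall resolves a packet: the first matching line in
/etc/shorewall/rules wins; otherwise the first matching /etc/shorewall/policy
line applies. Constructed illustration, not Shorewall's own code."""

# Zones from the question's interfaces file plus the firewall itself, which
# Shorewall addresses as $FW; there is no zone spelled "fw".
ZONES = {"net", "loc", "$FW"}

# Subset of the macros shipped with Shorewall, mapped to (proto, dport).
# ICMP has no port; echo-request type 8 stands in the dport slot here.
MACROS = {"Ping": ("icmp", "8"), "HTTP": ("tcp", "80"), "HTTPS": ("tcp", "443")}


def parse_rules(text):
    """Return (action, source, dest, proto, dport) tuples; expands MACRO(ACTION)."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("#") or f[0] == "ACTION":
            continue
        action, source, dest = f[0], f[1], f[2]
        if "(" in action:  # macro form such as HTTP(DROP)
            macro, action = action.rstrip(")").split("(")
            proto, dport = MACROS[macro]
        else:
            proto = f[3] if len(f) > 3 else "all"
            dport = f[4] if len(f) > 4 else "all"
        rules.append((action, source, dest, proto, dport))
    return rules


def parse_policy(text):
    """Return (source, dest, policy) tuples; LOGLEVEL and later columns ignored."""
    rows = [line.split() for line in text.splitlines()]
    return [tuple(r[:3]) for r in rows
            if r and r[0] != "SOURCE" and not r[0].startswith("#")]


def undefined_zones(rules):
    """Zone names a rule refers to that nothing defines (the 'fw' typo)."""
    return sorted({z for _, s, d, _, _ in rules for z in (s, d)
                   if z != "all" and z not in ZONES})


def decide(rules, policy, source, dest, proto, dport):
    """Action for one flow: explicit rule first, then policy, else None
    (Shorewall refuses to start when no policy covers a zone pair)."""
    for action, s, d, p, dp in rules:
        if s == source and d == dest and p in (proto, "all") and dp in (dport, "all"):
            return action
    for s, d, pol in policy:
        if s in (source, "all") and d in (dest, "all"):
            return pol
    return None
```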