shorewall-users March 2012 archive

Re: [Shorewall-users] Block port 443 (https) to Facebook.com

From: I.S.C. William <william.koalasoft_at_nospam>
Date: Thu Mar 15 2012 - 13:55:59 GMT
To: Tom Eastep <teastep@shorewall.net>, Shorewall Users <shorewall-users@lists.sourceforge.net>, "Roberto C. Sanchez" <roberto@connexer.com>

I found this iptables rule that works very well, but ..
How can I interpret this in Shorewall rules?

---------------------------------------------------------------

FACEBOOK_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111"
iptables -N FACEBOOK

iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOK

## FACEBOOK ALLOW
for face in $FACEBOOK_ALLOW; do
    iptables -A FACEBOOK -s $face -j ACCEPT
done
iptables -A FACEBOOK -j REJECT

---------------------------------------------------------------
I see that IP range blocks

Greetings!!

2012/3/14 Tom Eastep <teastep@shorewall.net>
>
> On 3/14/12 1:06 PM, "I.S.C. William" <william.koalasoft@gmail.com> wrote:
>
> I understand this, telling me that the rules, I must put first the rules REJECT (if there) and then ACCEPT rules?
>
> If this could give me the syntax of the rules as they should be, I mean: REJECT rules first, then the ACCEPT rules, the rules after DROP, REJECT .. etc.
>
>
> There is only one thing to remember: The first rule that matches a connection determines the disposition of that connection. The exception is rules whose TARGET is LOG; those log the packet only.
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to skydive twice.
>

--
I.S.C. William López Jiménez
Linux User # 379636
MSN: wljkoala23@hotmail.com
Jabber: koalasoft@jabber.org
Web: www.koalasoftmx.tk
Twitter: @koalasoft
Facebook: william.koalasoft
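A Shorewall rules-file rendering of the iptables script in the question, as an added example that is not part of the original thread and not taken from the Shorewall documentation. It assumes the LAN zone is named loc and the Internet zone net (both assumed names), that the rules file uses the standard ACTION / SOURCE / DEST / PROTO / DPORT columns, and that the host addresses and Facebook ranges are the ones the poster listed. Following Tom's point that the first matching rule decides the connection, the ACCEPT for the allowed hosts is placed before the REJECT that covers everyone else in loc; comma-separated lists in SOURCE and DEST stand in for the six separate iptables inserts and the FACEBOOK_ALLOW loop.

```text
#ACTION  SOURCE                                        DEST                                                                                PROTO  DPORT
# Hosts permitted to reach the listed ranges (addresses from the question) - must precede the REJECT below
ACCEPT   loc:192.168.1.12,192.168.1.14,192.168.1.111   net:66.220.144.0-66.220.159.255,69.63.176.0-69.63.191.255,204.15.20.0-204.15.23.255  tcp    80,443
# Every other host in loc gets the same REJECT the FACEBOOK chain ends with
REJECT   loc                                           net:66.220.144.0-66.220.159.255,69.63.176.0-69.63.191.255,204.15.20.0-204.15.23.255  tcp    80,443
```

Address ranges in DEST rely on the same iptables iprange match the script uses, so run shorewall check before restarting to confirm the compiler accepts them on the target kernel. Two caveats a defender would want: a REJECT placed after a broader ACCEPT for loc to net (the usual default) never fires, and blocking by a static address list only holds as long as those ranges remain accurate, so the list needs periodic review.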