Hi Marc,
One thing I did not get here: Is it possible to set more than one protocol,port per IP address (i.e. listing internal computers with explicit access to www, smb, nfs, ssh while listing the timeserver only with access to ntp)? And what might be the syntax here (more comma-separated stuff
IP1,Protocol1,PortOfProtocol1,Protocol2,PortOfProtocol2
or a (very long) list of
IP1,Protocol1,PortOfProtocol1 IP1(thesame),Protocol2,PortOfProtocol2
etc.)?
--> I think you have to use the latter version. If I understand the concept right, the firewall script builds a long list of packets that are accepted. Everything that has not been accepted when the end of the list is reached is discarded (DROPed or REJECTed). So it should work to specify the same IP more than once. Just try! To make the list shorter, you can specify netmasks instead of single IPs.

Good luck!
Armin

--
Am Hasenberg 26
D-18209 Bad Doberan
Tel. ++49-(0)38203/42137
Email: schoech@iap-kborn.de
WWW: http://armins.cjb.net/

office: Institut für Atmosphärenphysik
Schloss-Straße 6
D-18225 Kühlungsborn / GERMANY
Tel. +49-(0)38293-68-102
Fax. +49-(0)38293-68-50
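The "one IP,protocol,port per entry, repeat the IP for each further service, default DROP at the end" scheme that Armin describes, as an added illustration that is not the firewall script discussed in this thread. The script expands a constructed access list into iptables commands on stdout (nothing is executed), rejects entries that try to pack a second protocol/port onto the same line, and closes the chain with a DROP rule. Variable and function names are assumptions; the sample addresses are constructed documentation ranges.

```shell
#!/bin/sh
# Added example, not the script from the thread: turn a list of
# "IP,protocol,port" entries into iptables ACCEPT rules followed by a
# final DROP. The same host appears on several lines to get several
# services; a netmask (CIDR) entry covers a whole subnet in one line.

# Constructed sample access list (assumed format: IP[/mask],proto,port).
ACCESS_LIST='192.0.2.10,tcp,80
192.0.2.10,tcp,445
192.0.2.10,tcp,22
192.0.2.0/24,tcp,2049
192.0.2.123,udp,123'

# Print the iptables command for one entry. Malformed entries become a
# "# skipped" comment so a reviewer sees them instead of a silently
# broader or missing rule. Always returns 0 so a loop over many entries
# keeps going.
rule_for_entry() {
    entry=$1
    case "$entry" in
        *,*,*) ;;
        *) echo "# skipped (need IP,proto,port): $entry"; return 0 ;;
    esac
    src=${entry%%,*}
    rest=${entry#*,}
    proto=${rest%%,*}
    port=${rest#*,}
    # A second protocol/port on the same line is not supported: list the
    # IP again on another line instead.
    case "$port" in
        *,*) echo "# skipped (one protocol,port per entry; repeat the IP instead): $entry"; return 0 ;;
    esac
    # Empty fields would produce a rule matching more than intended.
    case "$src,$proto,$port" in
        *,,*|,*|*,) echo "# skipped (empty field): $entry"; return 0 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "# skipped (unsupported protocol): $entry"; return 0 ;;
    esac
    echo "iptables -A INPUT -s $src -p $proto --dport $port -j ACCEPT"
}

# Emit the full rule set: flush INPUT, one ACCEPT per entry, then the
# catch-all DROP that discards everything not matched above.
generate_rules() {
    echo "iptables -F INPUT"
    echo "$1" | while IFS= read -r line; do
        [ -n "$line" ] && rule_for_entry "$line"
    done
    echo "iptables -A INPUT -j DROP"
}

# Number of ACCEPT rules produced for a list (handy sanity check before
# running the generated commands).
count_accept_rules() {
    generate_rules "$1" | grep -c -- '-j ACCEPT'
}

generate_rules "$ACCESS_LIST"
```

Review the printed commands, then pipe them to sh on the firewall host; the ACCEPT lines are checked top to bottom and the trailing DROP is what makes every unlisted packet disappear.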