I have a set of 3 computers on my network that our operators use for their job. These computers have limited internet access defined by iptables rules I have set up. Currently, when I want to alter a rule, I have to make the change 3 times. What I would like to do is leave the outbound filtering up to our router (which is running Shorewall) and not up to the computers themselves.
The easiest way (I would imagine) is to create some sort of a usergroup in Shorewall to which I could add these 3 computers as members and then create rules for that usergroup. Any future changes I would need to make would only need to be done once.
Therein lies my problem. I'm not too familiar with Shorewall, and I don't know how to make a usergroup (or if it's even possible). Knowing what I'd like to do, have any of you any suggestions on a way for me to set this up in Shorewall? If the solution is advanced, please post it anyway, as I'm pretty good at picking this stuff up once I see how it's done.
Thanks in advance, Jay