[Shorewall-newbies] startup script

Oliver Lange bloodrock at bloody.in-berlin.de
Mon Dec 15 16:57:21 PST 2003


Francesca C. Smith wrote:
> Follow The Guidelines here
> 
> http://www.shorewall.net/support.htm
> 

The only thing I could extract from there is the following line:

   If you specify "routefilter" for an interface, that interface must be up prior to starting the firewall.

Indeed my 'interfaces' configuration contains this:

#ZONE	INTERFACE	BROADCAST	OPTIONS
net	ppp0		-		routefilter,norfc1918

I followed the documentation, downloaded the example two-interfaces config files tarball,
copied them over the default configs in /etc/shorewall, followed the quickstart guide
for a two-interfaces environment, read everything carefully and followed everything
carefully.

Now when I put 'adsl-start' into the /etc/shorewall/start script, I can see the following
message appearing on the local tty during boot:

   Warning: Cannot set route filtering on ppp0

Don't misunderstand me, the firewall doesn't fail, it starts up well and it also
seems to be running fine (so far), even if I don't forward ports yet.

I simply don't understand it, especially the meaning of the 'routefilter'
parameter. Yes, I've read the parameter description, but still don't understand it.
I'm familiar with 'Miami' on the Amiga, SuSEfirewall2 on SuSE Linux, ZoneAlarm
and OutpostFirewall on Windows, and now I've installed a fresh new router using
Shorewall on a Gentoo Linux box.

None of these firewalls forced me to learn much about routing & firewalling.
Shorewall is no doubt one of the easiest & coolest Linux firewalls I've ever seen, but
I just ask myself what I can do to avoid that boot warning. I wonder what
the 'routefilter' parameter is used for, and if I need it at all.

I'd like to continue starting adsl from /etc/shorewall/start, just to make sure
that the firewall is up & running before adsl, so there is no chance of any time window
in which my network is unprotected.

Sorry for the long mail, I just hope I made myself a bit more clear now?

Thanks in advance for any hint..


