[Shorewall-newbies] startup script

Francesca C. Smith fsmith at ladylinux.com
Mon Dec 15 11:46:07 PST 2003


Hello,

Quoted from the Shorewall documentation .. 

"routefilter
        
        Invoke the Kernel's route filtering (anti-spoofing) facility on
        this interface. The kernel will reject any packets incoming on
        this interface that have a source address that would be routed
        outbound through another interface on the firewall.
        
        
        Warning
        If you specify this option for an interface then the interface
        must be up prior to starting the firewall."
        
Francesca
        
        
> > Follow The Guidelines here
> > 
> > http://www.shorewall.net/support.htm
> > 
> 
> The only thing I could extract from there is the following line:
> 
>    If you specify "routefilter" for an interface, that interface must be up prior to starting the 
> firewall.
> 
> Indeed my 'interfaces' configuration contains this:
> 
> #ZONE	INTERFACE	BROADCAST	OPTIONS
> net	ppp0		-		routefilter,norfc1918
> 
> I followed the documentation, downloaded the example two-interfaces config files tarball,
> copied them over the default configs in /etc/shorewall, followed the qiuckstart guide
> for a two-interfaces environment, read everything carefully and followed everything
> carefully.
> 
> Now when i put 'adsl-start' into the /etc/shorewall/start script, i can see the following
> message appearing on the local tty during boot:
> 
>    Warning: Cannot set route filtering on ppp0
> 
> Don't misunderstand me, the firewall doesn't fail, it starts up well and it also
> seems to be running fine (so far), even if i don't forward ports yet.
> 
> I simply don't understand it, especially the meaning of the 'routefilter'
> parameter. Yes, i've read the parameter description, but still don' understand it.
> I'm familiar with 'Miami' on the Amiga, SuSEfirewall2 on SuSE Linux, ZoneAlarm
> and OutpostFirewall on Windows, and now I've installed a fresh new router using
> shorewall on a gentoo-Linux box.
> 
> Each of these firewalls didn't enforce me to learn much about routing & firewalling.
> Shorewall is no doubt one of the easiest & coolest Linux firewalls i've ever seen, but
> I just ask myself what I can do to avoid that boot warning. I wonder whatever for
> the 'routefilter' parameter is used, and if i need it at all.
> 
> I'd like to continue starting adsl from /etc/shorewall/start, just to make sure
> that the firewall is up & running before adsl, no chance for any time window
> within my network is unprotected.
> 
> Sorry for the long mail, I just hope I made myself a bit more clear now ?
> 
> Thanks in advance for any hint..
> 
> _______________________________________________
> Shorewall-newbies mailing list
> Post: Shorewall-newbies at lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
> 



More information about the Shorewall-newbies mailing list