[Shorewall-newbies] Trying to get shorewall to work inbound. Perhaps arp/routing issues.

Tom Eastep teastep at shorewall.net
Wed Feb 11 20:20:09 PST 2004


On Wed, 11 Feb 2004, Zot O'Connor wrote:

> Well it seem like a good idea at the time.
>
> At one time I could not get firewall rules to work per host, but that
> appears to be another issue.
>
> The real issue seems to be I had copied the INSIDE_IP config in bering
> and had set the mask to /24.
>
> When I fixed that other things sorta worked.
>
> I just removed the hosts and converted to loc:192.168.x.x style rules
> and things appear to be working...
>

When I was a young software developer (in my early thirties), I had the
opportunity to work under Pete Homan who was one of the original CICS
designers at IBM. From that fortunate experience, I came away with two
precepts of software design:

a) It should be simple to do simple things and it should be possible to do
complex things.

b) Implement the minimum function necessary to meet the requirements.

While I struggle to follow Pete's second principle, I am pretty successful
at following the first.

What you wanted to do was simple -- given Pete's first design principle,
the solution should therefore also have been simple.

What I'm trying to say here is that when dealing with Shorewall, if you
find yourself creating a complex solution to a simple problem, you are
probably off-track.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


More information about the Shorewall-newbies mailing list