[Shorewall-newbies] Trying to get shorewall to work inbound.
Perhaps arp/routing issues.
teastep at shorewall.net
Wed Feb 11 20:20:09 PST 2004
On Wed, 11 Feb 2004, Zot O'Connor wrote:
> Well it seem like a good idea at the time.
> At one time I could not get firewall rules to work per host, but that
> appears to be another issue.
> The real issue seems to be I had copied the INSIDE_IP config in bering
> and had set the mask to /24.
> When I fixed that other things sorta worked.
> I just removed the hosts and converted to loc:192.168.x.x style rules
> and things appear to be working...
When I was a young software developer (in my early thirties), I had the
opportunity to work under Pete Homan who was one of the original CICS
designers at IBM. From that fortunate experience, I came away with two
precepts of software design:
a) It should be simple to do simple things and it should be possible to do
b) Implement the minimum function necessary to meet the requirements.
While I struggle to follow Pete's second principle, I am pretty successful
at following the first.
What you wanted to do was simple -- given Pete's first design principle,
the solution should therefore also have been simple.
What I'm trying to say here is that when dealing with Shorewall, if you
find yourself creating a complex solution to a simple problem, you are
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-newbies