[Shorewall-newbies] Trying to get shorewall to work inbound. Perhaps arp/routing issues.

Francesca C. Smith fsmith at ladylinux.com
Wed Feb 11 20:56:20 PST 2004


Hello,

Well said Tom,

My Hero is Grace Hopper .. So I know what you are saying :-)

Francesca


On Wed, 2004-02-11 at 23:20, Tom Eastep wrote:
> On Wed, 11 Feb 2004, Zot O'Connor wrote:
> 
> > Well it seem like a good idea at the time.
> >
> > At one time I could not get firewall rules to work per host, but that
> > appears to be another issue.
> >
> > The real issue seems to be I had copied the INSIDE_IP config in bering
> > and had set the mask to /24.
> >
> > When I fixed that other things sorta worked.
> >
> > I just removed the hosts and converted to loc:192.168.x.x style rules
> > and things appear to be working...
> >
> 
> When I was a young software developer (in my early thirties), I had the
> opportunity to work under Pete Homan who was one of the original CICS
> designers at IBM. From that fortunate experience, I came away with two
> precepts of software design:
> 
> a) It should be simple to do simple things and it should be possible to do
> complex things.
> 
> b) Implement the minimum function necessary to meet the requirements.
> 
> While I struggle to follow Pete's second principle, I am pretty successful
> at following the first.
> 
> What you wanted to do was simple -- given Pete's first design principle,
> the solution should therefore also have been simple.
> 
> What I'm trying to say here is that when dealing with Shorewall, if you
> find yourself creating a complex solution to a simple problem, you are
> probably off-track.
> 
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep at shorewall.net
> _______________________________________________
> Shorewall-newbies mailing list
> Post: Shorewall-newbies at lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
-- 
"No Problems Only Solutions"
Lady Linux Internet Services
Baltimore, MD 21217
http://www.ladylinux.com



More information about the Shorewall-newbies mailing list