[Shorewall-newbies] First line "ACCEPT from anywhere to anywhere" OK?
Greg Bell
gregbell at znet.com
Sun Jan 18 22:11:25 PST 2004

Hi Newbie-question-answerers,

I followed the 2-interface quickstart (I have a linux box with two NICs,
one's connected to a DSL modem, the other to my home network).

After shorewall does its thing, I did an iptables -L and noticed the first
line of the INPUT policy is an ACCEPT from anywhere to anywhere:

Chain INPUT (policy DROP)
target     prot  opt source     destination
ACCEPT     all   --  anywhere   anywhere
DROP       !icmp --  anywhere   anywhere     state INVALID
ppp0_in    all   --  anywhere   anywhere
eth1_in    all   --  anywhere   anywhere
common     all   --  anywhere   anywhere
LOG        all   --  anywhere   anywhere     LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all   --  anywhere   anywhere

Is this bad? There's a later reject, but is iptables like ipchains where
the first rule that matches is the one that applies?
Thanks for the time,
~Greg Bell
--
Here's my required info:
# shorewall version
1.4.8
# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:40:95:31:d5:cc brd ff:ff:ff:ff:ff:ff
5: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:40:95:31:d2:ca brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.3/16 brd 10.1.255.255 scope global eth1
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 63.207.129.253 peer 63.207.131.254/32 scope global ppp0
# ip route show
63.207.131.254 dev ppp0 proto kernel scope link src 63.207.129.253
10.1.0.0/16 dev eth1 scope link
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 63.207.131.254 dev ppp0
--
Greg Bell 858-755-1915 (try gbell_spamless at yahoo.com if mail to me bounces)
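
Added example, not part of the original post: a small Python model of first-match chain traversal, showing why a leading ACCEPT line in plain `iptables -L` output needs its interface checked before it is read as accept-everything. The rules are constructed in `iptables-save` syntax, and the `-i lo` match on the first rule is an assumption, since `iptables -L` prints interface columns only with `-v`.

```python
import shlex

# Constructed rules in iptables-save syntax. The "-i lo" on the first rule is an
# assumption: plain "iptables -L" prints no interface column ("-L -v" does).
WITH_IFACE = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp0 -j ppp0_in
-A INPUT -i eth1 -j eth1_in
-A INPUT -j reject
"""
# Same chain, but with a first rule that really has no match criteria.
NO_IFACE = WITH_IFACE.replace("-i lo ", "", 1)

FLAGS = {"-i": "in_iface", "-p": "proto", "-s": "src"}


def parse(text, chain="INPUT"):
    """Return [(matches, target)] for one chain, in rule order."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue
        matches, target, i = {}, None, 2
        while i < len(tok) - 1:
            if tok[i] == "-j":
                target = tok[i + 1]
            elif tok[i] in FLAGS:
                matches[FLAGS[tok[i]]] = tok[i + 1]
            else:
                raise ValueError("unmodelled option: " + tok[i])
            i += 2
        rules.append((matches, target))
    return rules


def first_match(rules, packet):
    """Walk the chain top-down; the first rule whose criteria all match applies."""
    # A jump to a user chain (e.g. ppp0_in) may return; only the jump is reported.
    for number, (matches, target) in enumerate(rules, 1):
        if all(packet.get(k) == v for k, v in matches.items()):
            return number, target
    return None, "policy"


def unconditional_accepts(rules):
    """Rule numbers that ACCEPT with no match criteria at all."""
    return [n for n, (m, t) in enumerate(rules, 1) if t == "ACCEPT" and not m]
```

On a live system the equivalent check is to read the `in` column of `iptables -L INPUT -v -n` for the first rule.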