teastep at shorewall.net
Sun Mar 14 09:27:40 PST 2004
> From what I have read Shorewall does not recognize virtual interfaces.
iptables doesn't recognize "virtual interfaces" so neither does Shorewall.
> Is my only option to include ip specific rules?
> The one thing that attracted me to Shorewall was the fact that I can group my
> interfaces and apply rules. If there is something I'm missing, please
> let me know.
The treatment of virtual interfaces and Shorewall is covered in
> Also, I installed 2.0 for the first time the other day. I added some
> rules for one
> of my interfaces by ip address. I started Shorewall and completely
> out of the server. Unfortunately, I had to get someone to reboot the
> interrupt the boot to prevent Shorewall from starting.
> I need an explicit allow line to allow me to connect in the event my acl
> I will figure it out while I begin developing my ruleset but would like
> certain that I can connect back.
To try new rules remotely, you should place the updated files in a
separate directory and use the 'try' command with a timeout. That way,
your old rules will be reinstalled after the timeout expires. If the new
rules lock you out, it will only be temporary.
Before you try to administer a Shorewall firewall remotely, you should
of course be sure that your remote IP address is listed in
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net