[Shorewall-newbies] Sub-Interface's

Tom Eastep teastep at shorewall.net
Sun Mar 14 18:32:12 PST 2004


sysop wrote:

> Now mine got all screwed up.  Let me try this again.
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Then I have a question.  Seeing as I am using virtual interfaces, what is the
> point of interfaces, zones, default policies?  I assume nothing but then it
> leads to this question.  I looked in the link you published and found this
> line.
> 
> #ACTION   SOURCE     DEST                 PROTO      DEST PORT(S)
> ACCEPT    net        $FW:206.124.146.178  tcp        22
> 
> What is the point of the source "net" and the variable "$FW"?

They are zone names.


> My environment
> is a single server with 8 virtual addresses.  Here is basically what I have.
> 
> eth0      dns
> eth0:0   dns
> eth0:1    ftp/http/https
> eth0:2    ftp/http/https
> eth0:3    game server
> eth0:4    game server
> eth0:5    game server
> eth0:6    admin tools (ssh, webmin, plesk, etc)
> 
> To set up my rules, am I only concerned with IP addresses, so that the example
> above for my eth0 and eth0:0 would look like this for DNS?
> 
> ACCEPT    0.0.0.0    10.10.10.10 tcp        53
> ACCEPT    0.0.0.0    10.10.10.10 udp       53
> ACCEPT    0.0.0.0    10.10.10.11 tcp        53
> ACCEPT    0.0.0.0    10.10.10.11 udp       53
> 

Then don't use Shorewall.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
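
How the zone names in the quoted rule combine with the alias addresses from the question, as an added example that is not part of the original messages. It assumes a single `net` zone on `eth0` and the policy lines shown; the column layouts follow the rule quoted in the thread and should be checked against the installed Shorewall release.

```conf
# /etc/shorewall/interfaces
# Only the physical device is listed. eth0:0 ... eth0:6 are additional
# addresses on eth0, not separate interfaces, so they get no entries here.
#ZONE     INTERFACE  BROADCAST  OPTIONS
net       eth0       detect

# /etc/shorewall/policy (assumed defaults for a standalone server)
# What happens to a connection that no rule matches, per zone pair.
#SOURCE   DEST       POLICY     LOG LEVEL
$FW       net        ACCEPT
net       all        DROP       info
all       all        REJECT     info

# /etc/shorewall/rules
# Exceptions to the policy. SOURCE and DEST name zones; the part after the
# colon narrows the zone to one address, which is how a service is tied to
# a single alias. Addresses are the ones given in the question.
#ACTION   SOURCE     DEST                 PROTO      DEST PORT(S)
ACCEPT    net        $FW:10.10.10.10      tcp        53
ACCEPT    net        $FW:10.10.10.10      udp        53
ACCEPT    net        $FW:10.10.10.11      tcp        53
ACCEPT    net        $FW:10.10.10.11      udp        53
```

With the `net` to `all` DROP policy in place, port 53 on the other aliases stays closed because no rule names their addresses.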



