teastep at shorewall.net
Sun Mar 14 18:32:12 PST 2004
> Now mine got all screwed up. Let me try this again.
> Then I have a question. Seeing as I am using virtual interfaces, what is the
> point of interfaces, zones, default policies? I assume nothing but then it
> leads to this question. I looked in the link you published and found this:
> #ACTION SOURCE DEST PROTO DEST PORT(S)
> ACCEPT net $FW:126.96.36.199 tcp 22
> What is the point of the source "net" and the variable "$FW"?
They are zone names.
> My environment
> is a single server with 8 virtual addresses. Here is basically what I have.
> eth0 dns
> eth0:0 dns
> eth0:1 ftp/http/https
> eth0:2 ftp/http/https
> eth0:3 gameserver
> eth0:4 game server
> eth0:5 game server
> eth0:6 admin tools (ssh, webmin, plesk, etc)
> To set up my rules, am I only concerned with IP addresses, so in the example
> above for my eth0 and eth0:0 would look like this for DNS?
> ACCEPT 0.0.0.0 10.10.10.10 tcp 53
> ACCEPT 0.0.0.0 10.10.10.10 udp 53
> ACCEPT 0.0.0.0 10.10.10.11 tcp 53
> ACCEPT 0.0.0.0 10.10.10.11 udp 53
Then don't use Shorewall.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net