[Shorewall-newbies] Sub-Interface's

Tom Eastep teastep at shorewall.net
Sun Mar 14 18:32:12 PST 2004

sysop wrote:

> Now mine got all screwed up.  Let me try this again.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Then I have a question.  Seeing as I am using virtual interfaces, what is the
> point of interfaces, zones, default policies?  I assume nothing, but then it
> leads to this question.  I looked in the link you published and found this
> line.
> #ACTION   SOURCE     DEST                 PROTO      DEST PORT(S)
> ACCEPT    net        $FW:  tcp        22
> What is the point of the source "net" and the variable "$FW"?

They are zone names.

> My environment
> is a single server with 8 virtual addresses.  Here is basically what I have.
> eth0      dns
> eth0:0   dns
> eth0:1    ftp/http/https
> eth0:2    ftp/http/https
> eth0:3    game server
> eth0:4    game server
> eth0:5    game server
> eth0:6    admin tools (ssh, webmin, plesk, etc)
> To set up my rules, am I only concerned with IP addresses, so in the example
> above my eth0 and eth0:0 would look like this for DNS?
> ACCEPT tcp        53
> ACCEPT udp       53
> ACCEPT tcp        53
> ACCEPT udp       53

Then don't use Shorewall.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
