sysop at gamebottle.com
Sun Mar 14 19:04:52 PST 2004
Um wtf is "Then don't use Shorewall."? I'm asking a question to find out
how to use Shorewall for my environment. Either I can or I can't. If I can
I need to understand how.
----- Original Message -----
From: "Tom Eastep" <teastep at shorewall.net>
To: "List for New Shorewall Users" <shorewall-newbies at lists.shorewall.net>
Sent: Sunday, March 14, 2004 9:32 PM
Subject: Re: [Shorewall-newbies] Sub-Interface's
> sysop wrote:
> > Now mine got all screwed up. Let me try this again.
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Then I have a question. Seeing as I am using virtual interfaces, what is the
> > point of interfaces, zones, defaultpolicies? I assume nothing, but then that
> > leads to this question. I looked in the link you published and found this
> > line.
> > #ACTION SOURCE DEST PROTO DEST PORT(S)
> > ACCEPT net $FW:22.214.171.124 tcp 22
> > What is the point of the source "net" and the variable "$FW"?
> They are zone names.
> > My environment
> > is a single server with 8 virtual addresses. Here is basically what I have:
> > eth0 dns
> > eth0:0 dns
> > eth0:1 ftp/http/https
> > eth0:2 ftp/http/https
> > eth0:3 gameserver
> > eth0:4 game server
> > eth0:5 game server
> > eth0:6 admin tools (ssh, webmin, plesk, etc)
> > To set up my rules, am I only concerned with IP addresses? So in the
> > above, for my eth0 and eth0:0 it would look like this for DNS:
> > ACCEPT 0.0.0.0 10.10.10.10 tcp 53
> > ACCEPT 0.0.0.0 10.10.10.10 udp 53
> > ACCEPT 0.0.0.0 10.10.10.11 tcp 53
> > ACCEPT 0.0.0.0 10.10.10.11 udp 53
> Then don't use Shorewall.
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep at shorewall.net