[Shorewall-users] Continue Policy

Daniel G tech@ct5.com
Thu, 11 Apr 2002 15:26:44 -0500


Hello all, just installed Shorewall -- very impressed....


My shorewall box is on a local LAN (192.168.1), there are other
computers on that LAN that would technically fall into the "net" zone.
Although I want these computers to have full access to this shorewall
box. 

The CONTINUE policy doesn't seem to do it:
( off 	$FW		CONTINUE )  (off - referring to my local LAN)

Unless I apply specific rules (i.e. opening ports)

But, if I put a rule in such as:

ACCEPT	off	$FW	all

During startup shorewall tells me this is a policy. 

My question is -- Is this an acceptable way to open access to these
local computers without creating too large of a hole?  Is there an easier
way of doing this?  Should I just RTFM?

If I don't put that rule in, the CONTINUE policy just takes over and
Shorewall blocks DNS requests from my local machines...

Thanks for any kind help...
Daniel