[Shorewall-users] Continue Policy

Tom Eastep teastep@shorewall.net
Thu, 11 Apr 2002 13:34:01 -0700 (Pacific Daylight Time)


Daniel,

On Thu, 11 Apr 2002, Daniel G wrote:

> Hello all, just installed Shorewall -- very impressed....
>
>
> My shorewall box is on a local LAN (192.168.1), there are other
> computers on that LAN that would technically fall into the "net" zone.
> Although I want these computers to have full access to this shorewall
> box.
>
> The CONTINUE policy doesn't seem to do it:
> ( off 	$FW		CONTINUE )  (off - referring to my local LAN)
>
> Unless I apply specific rules (i.e. opening ports)
>
> But, if I put a rule in such as:
>
> ACCEPT	off	$FW	all
>
> During startup shorewall tells me this is a policy.
>
> My question is -- Is this an acceptable way to open access to these
> local computers without creating too large of a hole?  Is there an easier
> way of doing this?  Should I just RTFM?
>
> If I don't put that rule in, the continue policy just takes over and
> Shorewall blocks DNS requests from my local machines...
>

At the very least, we need to see your zones file, your hosts file and
your policy file to make any sense out of your report.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net