[Shorewall-users] Continue Policy

Tom Eastep teastep@shorewall.net
Thu, 11 Apr 2002 13:34:01 -0700 (Pacific Daylight Time)


On Thu, 11 Apr 2002, Daniel G wrote:

> Hello all, just installed Shorewall -- very impressed....
> My shorewall box is on a local LAN (192.168.1), there are other
> computers on that LAN that would technically fall into the "net" zone.
> Although I want these computers to have full access to this shorewall
> box.
> The CONTINUE policy doesn't seem to do it:
> ( off 	$FW		CONTINUE )  (off - referring to my local LAN)
> Unless I apply specific rules (i.e. opening ports)
> But, if I put a rule in such as:
> ACCEPT	off	$FW	all
> During startup shorewall tells me this is a policy.
> My question is -- Is this an acceptable way to open access to these
> local computers without creating too large of a hole?  Is there an easier
> way of doing this?  Should I just RTFM?
> If I don't put that rule in the continue policy just takes over and
> Shorewall blocks DNS requests from my local machines...

At the very least, we need to see your zones file, your hosts file and
your policy file to make any sense out of your report.

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net