[Shorewall-users] Policy Rules not working as expected

Tom Eastep teastep@shorewall.net
Thu, 25 Apr 2002 06:40:07 -0700 (PDT)

On Thu, 25 Apr 2002, Patrick Benson wrote:

> Tom Eastep wrote:
> Sure, Tom, that's quite understandable....   :)  ...but it's not the
> point I'm trying to offer.
> The problem is that he may *think* he has it configured one way but it
> actually is configured totally the opposite. He mentioned, in the
> beginning, that eth0 is connected to the net and eth1 is used for his
> subnets, but his configuration was actually switched the other way
> round. What happens if he starts modifying the policies and rules and
> thinks he's doing one thing but will be doing something quite the
> opposite?.. Security should be primarily about knowing exactly what one
> is doing, not just being satisfied that it works ok for the moment..

Sorry Patrick -- I didn't pay attention to which post you were replying 
to. Yes, I agree totally that there is no reason to switch the meaning of 
'net' and 'loc' and I replied to that effect to the original poster.  

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net