[Shorewall-users] Policy Rules not working as expected
Thu, 25 Apr 2002 06:40:07 -0700 (PDT)
On Thu, 25 Apr 2002, Patrick Benson wrote:
> Tom Eastep wrote:
> Sure, Tom, that's quite understandable.... :) ...but it's not the
> point I'm trying to offer.
> The problem is that he may *think* he has it configured one way but it
> actually is configured totally the opposite. He mentioned, in the
> beginning, that eth0 is connected to the net and eth1 is used for his
> subnets, but his configuration was actually switched the other way
> round. What happens if he starts modifying the policies and rules and
> thinks he's doing one thing but will be doing something quite the
> opposite?.. Security should be primarily about knowing exactly what one
> is doing, not just being satisfied that it works ok for the moment..
Sorry Patrick -- I didn't pay attention to which post you were replying
to. Yes, I agree totally that there is no reason to switch the meaning of
'net' and 'loc' and I replied to that effect to the original poster.
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
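
Added example, not part of the original message or of Shorewall itself: a sanity check for the mix-up discussed in this thread, comparing the zone names in the interfaces file with the interface that actually faces the Internet. It assumes that the first two columns of the interfaces file are zone and interface, and that the interface carrying the default route is the Internet side; the sample file and routing table are constructed.

```python
# Constructed sample data (not from the thread): the mix-up described above,
# where eth0 is the Internet side but the zone names are swapped.
SAMPLE_INTERFACES = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth1       detect
loc    eth0       detect
"""
SAMPLE_ROUTES = """\
default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
"""

def parse_interfaces(text):
    """Return {interface: zone} from the text of a Shorewall interfaces file."""
    zones = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 2:          # assumed: column 1 = zone, column 2 = interface
            zones[fields[1]] = fields[0]
    return zones

def default_route_ifaces(text):
    """Return the interfaces that carry a default route in `ip route show` output."""
    found = set()
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["default"] and "dev" in tok[:-1]:
            found.add(tok[tok.index("dev") + 1])
    return found

def check_zones(interfaces_text, routes_text, internet_zone="net"):
    """List mismatches between zone names and the actual Internet-facing interface."""
    zones = parse_interfaces(interfaces_text)
    uplinks = default_route_ifaces(routes_text)
    findings = []
    for iface in sorted(uplinks):
        zone = zones.get(iface)       # None if the interface has no zone at all
        if zone != internet_zone:
            findings.append(f"{iface} carries the default route but is in zone {zone!r}")
    for iface, zone in sorted(zones.items()):
        if zone == internet_zone and iface not in uplinks:
            findings.append(f"{iface} is in zone {internet_zone!r} but has no default route")
    return findings

if __name__ == "__main__":
    for finding in check_zones(SAMPLE_INTERFACES, SAMPLE_ROUTES):
        print("MISMATCH:", finding)
```

Run against the real files before editing policies or rules, so that changes written for 'net' and 'loc' apply to the interfaces you believe they do.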