[Shorewall-users] ftp works in a strange way.....or....
Mon, 29 Apr 2002 22:35:53 +1000
Goetz Reinicke wrote:
> default rule:
> local net ACCEPT
> So that means also, as I have enabled IP_FORWARDING, I have to disable
> some services and ports I don't want by special rule in the rule file!?
> (e.g. news)
> so with the default policy in mind, are dns requests rejected from other
> hosts to the Internet, or do I have to add a rule like
> DROP local net udp ntp,domain
> DROP local net tcp domain
What you need to remember is: rules are exceptions to policies. So if your
policy says accept, then you must add a rule if you want to drop/reject. The
same goes for the opposite situation.
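
The evaluation order described in this reply, as an added example that is not part of the original message and is not Shorewall's own code: a simplified Python model that checks rules first and falls back to the zone-pair policy. The zone names and the two DROP rules come from the thread; the catch-all `all all REJECT` policy, the port table and the sample connections are constructed for illustration.

```python
from typing import NamedTuple

# Constructed service-name table (standard port numbers).
SERVICES = {"ntp": 123, "domain": 53, "http": 80, "nntp": 119}

class Rule(NamedTuple):
    action: str
    source: str
    dest: str
    proto: str
    ports: frozenset

def parse_rule(line):
    """Parse 'ACTION SOURCE DEST PROTO PORT[,PORT...]' as written in the thread."""
    action, source, dest, proto, ports = line.split()
    numbers = frozenset(SERVICES.get(p) or int(p) for p in ports.split(","))
    return Rule(action, source, dest, proto, numbers)

# 'local net ACCEPT' is the policy quoted in the thread; the catch-all is assumed.
POLICIES = [("local", "net", "ACCEPT"), ("all", "all", "REJECT")]

# The two rules proposed in the question.
RULES = [parse_rule("DROP local net udp ntp,domain"),
         parse_rule("DROP local net tcp domain")]

def decide(source, dest, proto, port, rules=RULES, policies=POLICIES):
    """Return (verdict, origin): a matching rule wins, otherwise the policy applies."""
    for r in rules:
        if (r.source, r.dest, r.proto) == (source, dest, proto) and port in r.ports:
            return r.action, "rule"
    for s, d, policy in policies:
        if s in (source, "all") and d in (dest, "all"):
            return policy, "policy"
    raise LookupError("no policy covers this zone pair")

if __name__ == "__main__":
    samples = [("local", "net", "udp", 53),   # DNS: dropped by the exception rule
               ("local", "net", "tcp", 119),  # news: still accepted by policy
               ("net", "local", "tcp", 80)]   # inbound: rejected by policy
    for conn in samples:
        print(conn, "->", decide(*conn))
```
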