[Shorewall-users] ftp works in a strange way.....or....

Paul Gear paulgear@bigfoot.com
Mon, 29 Apr 2002 22:35:53 +1000

Goetz Reinicke wrote:

> ...
> default rule:
> local           net             ACCEPT
> So that means also, as I have enabled IP_FORWARDING, I have to disable
> some services and ports I dont want by special rule in the rule file!?
> (e.g. news)


> ...
> so with the default policy in mind, are dns requests rejected from other
> hosts to the Internet, or do I have to add a rule like
> DROP   local   net   udp   ntp,domain
> DROP   local   net   tcp   domain

What you need to remember is: rules are exceptions to policies.  So if your
policy says accept, then you must add a rule if you want to drop/reject.  The
same goes for the opposite situation.