[Shorewall-users] Problem with my simple local+ net shorewall configuration

troy at troyandtina.com troy at troyandtina.com
Mon Dec 1 16:24:18 PST 2003


Jim,

Are you using 1 NIC and sitting behind a Linksys/D-Link type of gateway 
connected to the DSL Modem ?

Quoting Jimi Frechette <djimix at free.fr>:

> Hi!
> I've just installed the new mandrake 9.2 on my linux box. I've also
> installed shorewall in order to make my linux box a firewall. But it doesn't
> seem to work.
> I've tried to apply the HOWTO config but still doesn't work. Can anybody
> help me out?
> Here is my network
> 
> Window                        Linux
> |192.168.0.2| <--------> eth0:192.168.0.1    eth1 : adsl dhcp <------>
> Internet
> 
> My Windows has gateway configured at 192.168.0.1
> 
> Quite simple network! I can ping everything from my linux box but I can't
> ping my linux from my windows PC although my policy permits it!
> I now think it may be a kernel problem?
> 
> Here are my config files:
> 
> ZONES:
> # Shorewall 1.4 /etc/shorewall/zones
> #
> # This file determines your network zones. Columns are:
> #
> #     ZONE        Short name of the zone (5 Characters or less in length).
> #     DISPLAY           Display name of the zone
> #     COMMENTS    Comments about the zone
> #
> #ZONE DISPLAY           COMMENTS
> net   Net   Internet zone
> loc   Local Local
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
> 
> 
> No RULES
> 
> POLICY:
> #SOURCE           DEST        POLICY            LOG LEVEL   LIMIT:BURST
> loc   net   ACCEPT
> fw    net   ACCEPT
> net   all   DROP  info
> fw    loc   ACCEPT
> loc   fw    ACCEPT
> #all  all   ACCEPT      info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> 
> MASQ:
> 
> #INTERFACE          SUBNET          ADDRESS
> 
> eth1  eth0
> 
> 
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> 
> INTERFACES:
> 
> #ZONE INTERFACE  BROADCAST   OPTIONS
> net   eth1  detect      dhcp
> loc   eth0  detect
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 
> 
> 
> 
> EXPORT OF VERSION, IP ADDR, IP ROUTE OTHER STUFF:
> 
> 1.4.6c
> 
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>         inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
>       2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>           link/ether 52:54:00:e7:35:8e brd ff:ff:ff:ff:ff:ff
>               inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
>             3: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc
> pfifo_fast qlen 100
>                 link/ether 00:0d:88:19:bd:5c brd ff:ff:ff:ff:ff:ff
>                     inet 127.255.255.255/8 brd 127.255.255.255 scope host
> eth1:9
>                       inet 81.57.22.44/24 brd 81.57.22.255 scope global eth1
> 
> 
> 81.57.22.0/24 dev eth1  proto kernel  scope link  src 81.57.22.44
> 192.168.0.0/24 dev eth0  scope link
> 127.0.0.0/8 dev lo  scope link
> default via 81.57.22.254 dev eth1
> 
> 
> STATUS (SORRY FOR THE LENGTH)
> 
> Shorewall-1.4.6c Status at gate - dim nov 30 18:37:05 CET 2003
> 
> Counters reset Sun Nov 30 18:22:48 CET 2003
> 
> Chain INPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>     2   168 ACCEPT     all  --  lo     *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 DROP      !icmp --  *      *       0.0.0.0/0
> 0.0.0.0/0          state INVALID
>   285 98190 eth1_in    all  --  eth1   *       0.0.0.0/0
> 0.0.0.0/0
>    51  5670 eth0_in    all  --  eth0   *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 common     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 LOG        all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 DROP      !icmp --  *      *       0.0.0.0/0
> 0.0.0.0/0          state INVALID
>     0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 common     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 LOG        all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:'
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>     2   168 ACCEPT     all  --  *      lo      0.0.0.0/0
> 0.0.0.0/0
>     0     0 DROP      !icmp --  *      *       0.0.0.0/0
> 0.0.0.0/0          state INVALID
>     0     0 ACCEPT     udp  --  *      eth1    0.0.0.0/0
> 0.0.0.0/0          udp dpts:67:68
>   301 37335 fw2net     all  --  *      eth1    0.0.0.0/0
> 0.0.0.0/0
>    59  3213 fw2loc     all  --  *      eth0    0.0.0.0/0
> 0.0.0.0/0
>     0     0 common     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 LOG        all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:OUTPUT:DROP:'
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain common (4 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 reject     udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          udp dpt:135
>     0     0 reject     udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          udp dpts:137:139
>     0     0 reject     udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          udp dpt:445
>     0     0 reject     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:139
>     0     0 reject     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:445
>     7   336 reject     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:135
>     0     0 DROP       udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          udp dpt:1900
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 255.255.255.255
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 224.0.0.0/4
>     0     0 reject     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:113
>     1    65 DROP       udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          udp spt:53 state NEW
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 127.255.255.255
>     0     0 DROP       all  --  *      *       0.0.0.0/0
> 192.168.0.255
> 
> Chain dynamic (4 references)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain eth0_fwd (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 dynamic    all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 loc2net    all  --  *      eth1    0.0.0.0/0
> 0.0.0.0/0
> 
> Chain eth0_in (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>    51  5670 dynamic    all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>    51  5670 loc2fw     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain eth1_fwd (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 dynamic    all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 net2all    all  --  *      eth0    0.0.0.0/0
> 0.0.0.0/0
> 
> Chain eth1_in (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>   285 98190 dynamic    all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          udp dpts:67:68
>   285 98190 net2all    all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain fw2loc (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>    52  2697 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state RELATED,ESTABLISHED
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state NEW tcp flags:!0x16/0x02
>     7   516 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain fw2net (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>   238 33433 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state RELATED,ESTABLISHED
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state NEW tcp flags:!0x16/0x02
>    63  3902 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain icmpdef (0 references)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain loc2fw (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>    37  5014 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state RELATED,ESTABLISHED
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state NEW tcp flags:!0x16/0x02
>    14   656 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain loc2net (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state RELATED,ESTABLISHED
>     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state NEW tcp flags:!0x16/0x02
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain net2all (2 references)
>  pkts bytes target     prot opt in     out     source
> destination
>   264 96957 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state RELATED,ESTABLISHED
>     7   280 newnotsyn  tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          state NEW tcp flags:!0x16/0x02
>    14   953 common     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
>     6   552 LOG        all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
>     6   552 DROP       all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain newnotsyn (5 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     7   280 LOG        all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:'
>     7   280 DROP       all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain reject (7 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     7   336 REJECT     tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          reject-with tcp-reset
>     0     0 REJECT     udp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          reject-with icmp-port-unreachable
>     0     0 REJECT     icmp --  *      *       0.0.0.0/0
> 0.0.0.0/0          reject-with icmp-host-unreachable
>     0     0 REJECT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0          reject-with icmp-host-prohibited
> 
> Chain shorewall (0 references)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Nov 29 13:57:41 marcadet-1-81-57-22-44 Shorewall:newnotsyn:DROP:IN=eth1 OUT=
> SRC=81.57.213.81 DST=81.57.22.44 LEN=40 TOS=0x00 PREC=0x00 TTL=124 ID=61841
> PROTO=TCP SPT=1463 DPT=1786 WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 29 13:59:47 marcadet-1-81-57-22-44 Shorewall:newnotsyn:DROP:IN=eth1 OUT=
> SRC=81.57.135.15 DST=81.57.22.44 LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=34004
> PROTO=TCP SPT=2620 DPT=1419 WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 29 14:00:04 marcadet-1-81-57-22-44 Shorewall:newnotsyn:DROP:IN=eth1 OUT=
> SRC=81.57.75.95 DST=81.57.22.44 LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=45722
> PROTO=TCP SPT=2782 DPT=1014 WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 29 14:00:40 marcadet-1-81-57-22-44 Shorewall:newnotsyn:DROP:IN=eth1 OUT=
> SRC=81.57.115.58 DST=81.57.22.44 LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=63212
> PROTO=TCP SPT=1025 DPT=1379 WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 29 14:00:44 marcadet-1-81-57-22-44 Shorewall:newnotsyn:DROP:IN=eth1 OUT=
> SRC=81.57.132.123 DST=81.57.22.44 LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=15000
> PROTO=TCP SPT=1025 DPT=1969 WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 29 14:00:59 marcadet-1-81-57-22-44 Shorewall:newnotsyn:DROP:IN=eth1 OUT=
> SRC=81.57.219.169 DST=81.57.22.44 LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=25826
> PROTO=TCP SPT=2724 DPT=1656 WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 29 14:01:35 marcadet-1-81-57-22-44 Shorewall:net2all:DROP:IN=eth1 OUT=
> SRC=81.57.2.149 DST=81.57.22.44 LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=17383
> PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=1573
> Nov 30 18:28:27 newnotsyn:DROP:IN=eth1 OUT= SRC=81.57.128.99 DST=81.57.22.44
> LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=60768 PROTO=TCP SPT=2447 DPT=1497
> WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 30 18:28:44 net2all:DROP:IN=eth1 OUT= SRC=81.57.2.31 DST=81.57.22.44
> LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=49651 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=45802
> Nov 30 18:29:13 net2all:DROP:IN=eth1 OUT= SRC=81.57.117.152 DST=81.57.22.44
> LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=52071 PROTO=ICMP TYPE=8 CODE=0 ID=768
> SEQ=60679
> Nov 30 18:29:13 net2all:DROP:IN=eth1 OUT= SRC=81.57.70.83 DST=81.57.22.44
> LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=18645 PROTO=ICMP TYPE=8 CODE=0 ID=768
> SEQ=2085
> Nov 30 18:29:25 newnotsyn:DROP:IN=eth1 OUT= SRC=81.57.191.90 DST=81.57.22.44
> LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=34710 PROTO=TCP SPT=2169 DPT=1078
> WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 30 18:29:25 newnotsyn:DROP:IN=eth1 OUT= SRC=81.57.191.90 DST=81.57.22.44
> LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=34711 PROTO=TCP SPT=2169 DPT=1078
> WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 30 18:30:30 newnotsyn:DROP:IN=eth1 OUT= SRC=81.57.219.169
> DST=81.57.22.44 LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=60547 PROTO=TCP
> SPT=1311 DPT=1031 WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 30 18:31:59 newnotsyn:DROP:IN=eth1 OUT= SRC=81.57.48.41 DST=81.57.22.44
> LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=34276 PROTO=TCP SPT=2506 DPT=1208
> WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 30 18:33:39 net2all:DROP:IN=eth1 OUT= SRC=81.57.92.117 DST=81.57.22.44
> LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=26347 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=3621
> Nov 30 18:34:30 net2all:DROP:IN=eth1 OUT= SRC=81.56.192.142 DST=81.57.22.44
> LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=62023 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=1827
> Nov 30 18:35:14 newnotsyn:DROP:IN=eth1 OUT= SRC=81.57.222.31 DST=81.57.22.44
> LEN=40 TOS=0x00 PREC=0x00 TTL=123 ID=3887 PROTO=TCP SPT=1025 DPT=1693
> WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 30 18:35:36 newnotsyn:DROP:IN=eth1 OUT= SRC=81.57.188.75 DST=81.57.22.44
> LEN=40 TOS=0x00 PREC=0x00 TTL=124 ID=8587 PROTO=TCP SPT=1025 DPT=1799
> WINDOW=0 RES=0x00 ACK RST URGP=0
> Nov 30 18:35:37 net2all:DROP:IN=eth1 OUT= SRC=81.59.124.140 DST=81.57.22.44
> LEN=92 TOS=0x00 PREC=0x00 TTL=111 ID=56291 PROTO=ICMP TYPE=8 CODE=0 ID=512
> SEQ=45613
> 
> NAT Table
> 
> Chain PREROUTING (policy ACCEPT 124 packets, 6071 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain POSTROUTING (policy ACCEPT 93 packets, 5769 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>    70  4182 eth1_masq  all  --  *      eth1    0.0.0.0/0
> 0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT 86 packets, 5489 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain eth1_masq (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 MASQUERADE  all  --  *      *       192.168.0.0/24
> 0.0.0.0/0
> 
> Mangle Table
> 
> Chain PREROUTING (policy ACCEPT 587 packets, 241K bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>   375  106K pretos     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain INPUT (policy ACCEPT 521 packets, 238K bytes)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain OUTPUT (policy ACCEPT 540 packets, 56294 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>   362 40716 outtos     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0
> 
> Chain POSTROUTING (policy ACCEPT 540 packets, 56294 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain outtos (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:22 TOS set 0x10
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp spt:22 TOS set 0x10
>    42  2349 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:21 TOS set 0x10
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp spt:21 TOS set 0x10
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp spt:20 TOS set 0x08
>     4   168 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:20 TOS set 0x08
> 
> Chain pretos (1 references)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:22 TOS set 0x10
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp spt:22 TOS set 0x10
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:21 TOS set 0x10
>    28  2048 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp spt:21 TOS set 0x10
>     6  2678 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp spt:20 TOS set 0x08
>     0     0 TOS        tcp  --  *      *       0.0.0.0/0
> 0.0.0.0/0          tcp dpt:20 TOS set 0x08
> 
> 
> 
> 
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users at lists.shorewall.net
> Subscribe/Unsubscribe:
> https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
> 





More information about the Shorewall-users mailing list