> > -------------------------------
>
> The result of the grep command after the first configuration:
>
> /etc/shorewall/zones:net Net Internet zone
> /etc/shorewall/interfaces:net eth0 detect
> /etc/shorewall/policy:fw net ACCEPT
> /etc/shorewall/policy:net all DROP info
> /etc/shorewall/policy:all all REJECT info
> /etc/shorewall/rules:ACCEPT net fw udp 53 -
> /etc/shorewall/rules:ACCEPT net fw tcp 53,109,110,143 -
>
> The masq file has no entries.
>
> I figured it out: the interface entry should be ppp0, not eth0, even
> though example 1 in the interface configuration file has a DSL
> being referenced as eth0.
>
> My setup would be the default for a standalone workstation with DSL, so
> many people will have the same problem. A check for a pppX connection
> should be done.

The idea is that one should configure tinyfirewall when connected to the net in order to have a ppp interface ... which is a bit stupid. We'll indeed have to check for an ipppX or pppX interface. I'll have a look at it.

> Also, I would include a welcoming note that if any problems occur,
> returning to tinyfirewall and selecting "no firewall" will undo any
> settings. I so-so understand how the firewall works now; imagine someone
> who makes the adjustment and loses their connection. The support lines
> will light up.
>
> All I did was change eth0 to ppp0 after running the firewall and it worked.
>
> /etc/shorewall/zones:net Net Internet zone
> /etc/shorewall/interfaces:net ppp0 detect
> /etc/shorewall/policy:fw net ACCEPT
> /etc/shorewall/policy:net all DROP info
> /etc/shorewall/policy:all all REJECT info
> /etc/shorewall/rules:ACCEPT net fw udp 53 -
> /etc/shorewall/rules:ACCEPT net fw tcp 53,109,110,143 -
>
> Since I have your attention... I tested using Shields Up and those ports
> still accept connections from outside sources.

Shields Up?

> Granted, not a large security risk, but for a standalone workstation all
> ports should reject connections - total stealth. Now this would become
> important if someone has a static IP, since the machine can still be
> detected and attacked.
>
> I would recommend client or server setups. The server setup would allow
> incoming connections. The client would refuse all incoming connections
> and allow limited outgoing connections. Speaking of which, do you know
> where I can find an example of the latter?

What do you mean by "limited outgoing connections"?

> Gabriel

--
Florin
http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
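An added example, not code from the thread, from tinyfirewall or from Shorewall: a small POSIX shell script that does the pppX check discussed above against a constructed copy of the config shown in the grep output, and then lists the inbound ACCEPT rules that make ports answer to an outside scanner. The file layout follows the /etc/shorewall paths in the thread; the interface list, the sample config contents and all function names are assumptions made here.

```shell
#!/bin/sh
# Added example for the thread above; not code from tinyfirewall, Shorewall
# or Mandrake. File names (zones, interfaces, policy, rules) follow the
# /etc/shorewall layout in the grep output. The interface list and the
# config contents are constructed here so the script runs offline.

# Print the first ppp/ippp interface in the given list, else the first
# non-loopback interface. On a live box the list would come from
# `ip -o link` or /proc/net/dev; here the caller passes it in.
pick_net_iface() {
    for i in $1; do
        case "$i" in
            ppp[0-9]*|ippp[0-9]*) echo "$i"; return 0 ;;
        esac
    done
    for i in $1; do
        [ "$i" = lo ] && continue
        echo "$i"; return 0
    done
    return 1
}

# Rewrite the `net` line of $1/interfaces to use interface $2.
set_net_iface() {
    awk -v iface="$2" '$1 == "net" { $2 = iface } { print }' \
        "$1/interfaces" > "$1/interfaces.tmp" &&
    mv "$1/interfaces.tmp" "$1/interfaces"
}

# Print the interface currently bound to the `net` zone in $1/interfaces.
get_net_iface() {
    awk '$1 == "net" { print $2; exit }' "$1/interfaces"
}

# List ACCEPT rules that let the net zone open connections to the firewall
# itself ("fw" in the thread's files, "$FW" in later Shorewall releases).
# Each one is a port an outside scanner will report as open.
inbound_accepts() {
    awk '$1 == "ACCEPT" && $2 == "net" && ($3 == "fw" || $3 == "$FW")' "$1/rules"
}

# Succeeds only when no inbound ACCEPT rule exists, i.e. with a
# `net all DROP` policy every port is silent to a scanner.
check_stealth() {
    [ -z "$(inbound_accepts "$1")" ]
}

# "Client" setup: drop the inbound ACCEPT rules. A workstation that only
# makes outgoing DNS/POP/IMAP connections gets the replies back through
# connection tracking and needs no inbound ACCEPT for those ports.
make_client_rules() {
    awk '!($1 == "ACCEPT" && $2 == "net" && ($3 == "fw" || $3 == "$FW"))' \
        "$1/rules" > "$1/rules.tmp" && mv "$1/rules.tmp" "$1/rules"
}

# Constructed sample config mirroring the thread's grep output.
make_sample() {
    d=$(mktemp -d)
    printf 'net\tNet\tInternet zone\n' > "$d/zones"
    printf 'net\teth0\tdetect\n' > "$d/interfaces"
    printf 'fw\tnet\tACCEPT\nnet\tall\tDROP\tinfo\nall\tall\tREJECT\tinfo\n' > "$d/policy"
    printf 'ACCEPT\tnet\tfw\tudp\t53\t-\nACCEPT\tnet\tfw\ttcp\t53,109,110,143\t-\n' > "$d/rules"
    echo "$d"
}

if [ "${1:-}" = run ]; then
    d=$(make_sample)
    # constructed interface list: a DSL workstation running PPPoE over eth0
    iface=$(pick_net_iface "lo eth0 ppp0")
    set_net_iface "$d" "$iface"
    echo "net interface: $(get_net_iface "$d")"
    check_stealth "$d" || { echo "inbound ACCEPT rules:"; inbound_accepts "$d"; }
    make_client_rules "$d"
    check_stealth "$d" && echo "no inbound ACCEPT rules left"
    rm -r "$d"
fi
```

Run it as `sh script.sh run`. With the policy `net all DROP`, ports with no ACCEPT rule never answer, which is what a scanner reports as stealth; it is the two `ACCEPT net fw` rules for udp 53 and tcp 53,109,110,143 that make those ports visible, and a workstation that only initiates DNS, POP and IMAP connections does not need them. The "limited outgoing" half of a client setup would be a `fw net REJECT` policy with explicit `ACCEPT fw net tcp ...` rules for the protocols the user actually wants; the script above leaves the `fw net ACCEPT` policy from the thread untouched.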
