> > > I don't know, now that I've set up shorewall on my router it seems
> > > like a simple matter to set it up on another machine. I should only
> > > need to edit a few config files with very light additions.
> > >
> > > - Grant
> >
> > Understand - to be honest I have moved to shorewall on almost all my
> > machines for uniformity, even though it's rather more complex than
> > needed.
> >
> >
> > BillK
>
> How does this /etc/shorewall/rules look for my router?
>
> DNS/ACCEPT $FW net
> Ping/REJECT net $FW
> DNAT net loc:192.168.0.3 tcp 50000
> DNAT net loc:192.168.0.3 udp 50000
> ACCEPT $FW loc icmp
> ACCEPT $FW net icmp
>
> Does this reject ssh requests from the net zone or do I need to
> specify that? It looks like maybe there is another set of basic
> ACCEPT/REJECT configs that this is modifying. Does anyone know which
> file that might reside in? If this looks good I'll set up something
> similar on the laptop.
>
> - Grant

I was looking for the /etc/shorewall/policy file. Something weird
though. I have this in my policy file:

net $FW DROP
net loc DROP
net all DROP

And yet I'm able to ssh from a machine on the local network to the
router via the external IP address. Does the router still know I'm
coming from the inside and thus allow it or is something wrong here?

- Grant
--
[EMAIL PROTECTED] mailing list