Victor McAllister wrote:
> Tibbs, Richard wrote:
>
>> Folks,
>> are the rules:
>> accept loc fw tcp 22
>> accept fw net tcp 22
>> equivalent to
>> accept loc net tcp 22
>>
>> TIA,
>> Rick.
>
> No. The first one says the local net can access the firewall with ssh.
> The second one says the firewall can accept ssh connections from the
> whole net (you should at least restrict such a rule to a particular
> network or even better a single computer on the Internet).

The second rule says nothing of the sort -- it rather allows an SSH
client running on the firewall to access SSH servers in the 'net' zone.
Your answer to Richard's question is correct though -- Shorewall rules
are not transitive (with good reason).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
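
Added example, not part of the original thread and not Shorewall's own code: a simplified model of the rule semantics discussed above, where each rule matches exactly one (source zone, destination zone) pair and SOURCE is the side that initiates the connection. The function names and the default DROP policy for unmatched traffic are assumptions made for the illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    action: str
    source: str  # zone where the connection originates (client side)
    dest: str    # zone where the connection terminates (server side)
    proto: str
    dport: int

def parse_rules(text):
    """Parse 'ACTION SOURCE DEST PROTO DPORT' lines as written in the thread."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, source, dest, proto, dport = line.split()
        rules.append(Rule(action.upper(), source, dest, proto.lower(), int(dport)))
    return rules

def decide(rules, source, dest, proto, dport, default="DROP"):
    """First matching rule wins; unmatched traffic gets the assumed default policy."""
    for r in rules:
        if (r.source, r.dest, r.proto, r.dport) == (source, dest, proto, dport):
            return r.action
    return default

# The two rule sets from the question.
TWO_RULES = parse_rules("""
accept loc fw tcp 22
accept fw net tcp 22
""")
ONE_RULE = parse_rules("accept loc net tcp 22")

def compare():
    """Verdict of each rule set for every flow direction raised in the thread."""
    flows = [("loc", "fw"), ("fw", "net"), ("loc", "net"), ("net", "fw")]
    return {
        f"{s}->{d}": (decide(TWO_RULES, s, d, "tcp", 22),
                      decide(ONE_RULE, s, d, "tcp", 22))
        for s, d in flows
    }

if __name__ == "__main__":
    for flow, (two, one) in compare().items():
        print(f"{flow:9} two-rule set: {two:6} single rule: {one}")
```

The loc->net row shows the non-transitivity, and the net->fw row shows that `accept fw net tcp 22` does not open inbound SSH to the firewall.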
