On Wednesday 11 January 2006 12:11, Jim Ford wrote:
> On Wednesday 11 January 2006 10:45, Robert K Coffman Jr - Info From Data wrote:
> > It appears that you are misunderstanding what those commands do. See
> > http://www.shorewall.net/starting_and_stopping_shorewall.htm#id2507868
> > for more detail.
>
> And for port knocking with Shorewall 2.x, you should be looking at
> http://www.shorewall.net/2.0/PortKnocking.html
>
> -Tom
>
> Thanks for the replies, Robert and Tom. I'd read the list of shorewall
> commands and assumed that they enabled you to modify the
> /etc/shorewall/rules on the fly from the command line. I'll have to re-read
> the docs!

The commands only work with dynamic zones -- you need to enable dynamic zones in /etc/shorewall/shorewall.conf before the commands do anything. Once dynamic zones are enabled, the commands allow you to add and delete (interface,address) pairs from zones.

Dynamic zones have quite limited capability and will be removed once ipsets are available in standard kernels -- dynamic zones defined using ipsets are much more robust than what is currently in Shorewall.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key