On Wed, 2011-08-31 at 16:05 +0100, Ed W wrote: > Hi, can I propose a new standard rule file: macro.MAIL > > ############################################################################### > #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ > # PORT(S) PORT(S) LIMIT GROUP > IMAP(PARAM) - - - > IMAPS(PARAM) - - - > > POP3(PARAM) - - - > POP3S(PARAM) - - - > > SMTP(PARAM) - - - > SMTPS(PARAM) - - - > Submission(PARAM) - - - > > > I think it's normal where we want to allow "mail" to allow all mail > protocols.
I have mixed feelings about omnibus macros like this; I think they encourage naive users to open many more ports than are really needed. > Additionally there might be a case for including the Submission in the > examples here?: > http://www.shorewall.net/ports.htm#SMTP > That web page was created prior to the invention of Shorewall macros; a case could be made that *every* macro should be documented there but that isn't going to happen. I would prefer to change that page such that it instructs the user how to find the macro that handles a particular application rather than to expand it with selected applications. Anyone else have an opinion? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
