On Fri, 2007-02-02 at 11:53 -0800, Tom Eastep wrote: > It does for most things. The compiler runs under the SHOREWALL_SHELL > specified in /etc/shorewall/shorewall.conf, however.
Ahhh. As just a minor point of documentation then, in http://www.shorewall.net/CompiledPrograms.html there is a note that starts out: On the administrative system, for each firewall system you do the following (this may be done by a non-root user who has root ssh access to the firewall system): ... If you are running Shorewall 3.2.6 or later then: cd <export directory> /sbin/shorewall load -c firewall Perhaps it's Ubuntu specific, but /etc/shorewall/shorewall.conf is only readable by root: -rw-r----- 1 root root 32660 2006-11-22 11:51 /etc/shorewall/shorewall.conf In any case, on to real issues... Having followed http://www.shorewall.net/CompiledPrograms.html I've run into my first issue. This is the sort of problem I predicted I would have for myself when I started down the road of doing this myself (before Tom kindly pointed out shorewall-lite). But the problem is: ERROR: Can't determine the IP address of eth1 Of course eth1 lives on the firewall, not the admin box, yet the admin box is trying to do: + find_first_interface_address eth1 + ip -f inet addr show eth1 ... That is something that is going to have to be remotely executed. In my implementation I had kind of planned on opening a single ssh session to the firewall before doing anything and keeping it open (just to beat the overhead of one shell per command) for the duration, executing commands on the shell and getting their output back. Thots? b. -- My other computer is your Microsoft Windows server. Brian J. Murrell
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
