Hi,

a little OT, but I think worth pointing out:

On 3/28/07, Toralf Niebuhr <[EMAIL PROTECTED]> wrote:
> I have multiple clients in my network and a server with
> dhcp,shorewall,....
> I wanted the server to be a really tight firewall.
>
> so I created this /etc/shorewall/policy file
>
> loc net DROP
> loc loc ACCEPT
> loc fw ACCEPT
> fw all ACCEPT
> net all DROP
> all all REJECT

You do realize that this is really not a tight firewall. Giving your whole local network access to anything on the firewall is not a good idea. Also, for a 'tight' system, I would restrict outgoing requests from the firewall, at least to the net.

And why do you have a 'loc loc ACCEPT' policy? Wouldn't that be only needed for bridges?

You might be ok with your current setup, and I don't mean to criticize, but please don't call it tight :-)

~David

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
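
The points raised in this reply, as an added example that is not part of the original message or of Shorewall itself: a small Python check that reads a policy file and lists the ACCEPT policies the reply questions. The zone names `fw`, `loc` and `net` come from the quoted file; the function names are hypothetical, and treating `$FW` as the firewall zone is an assumption.

```python
# Added example: flag the broad ACCEPT policies the reply points out.
# Constructed input: the policy file quoted in the message above.
POLICY = """\
loc net DROP
loc loc ACCEPT
loc fw ACCEPT
fw all ACCEPT
net all DROP
all all REJECT
"""

FW = {"fw", "$FW"}  # assumption: the firewall zone is named fw (or $FW)


def parse_policy(text):
    """Yield (lineno, source, dest, policy) for each non-comment line."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield n, fields[0], fields[1], fields[2].upper()


def audit(text):
    """Return (lineno, finding) tuples for ACCEPT policies worth reviewing."""
    findings = []
    for n, src, dst, pol in parse_policy(text):
        if pol != "ACCEPT":
            continue
        if src not in FW and (dst in FW or dst == "all"):
            # A whole zone is allowed to reach anything on the firewall.
            findings.append((n, f"{src} may reach any service on the firewall"))
        elif src in FW and dst in ("net", "all"):
            # The firewall's own outgoing requests are not restricted.
            findings.append((n, f"firewall outbound to {dst} is unrestricted"))
        elif src == dst:
            # The reply asks whether this is only needed for bridges.
            findings.append((n, f"intra-zone policy for {src}; confirm it is needed"))
    return findings


if __name__ == "__main__":
    for n, msg in audit(POLICY):
        print(f"line {n}: {msg}")
```
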
