I added this line

>> loc loc ACCEPT

because I didn't know if the firewall could/would do anything if I want to send a file from one client to another.

And those are ok (I think so)

>> loc fw ACCEPT
>> fw all ACCEPT

because I know exactly what services are running on my server and I didn't want to bother writing rules for each one of them.

On 28.03.2007 at 18:30, David Mohr wrote:

> Hi,
> a little OT, but I think worth pointing out:
>
> On 3/28/07, Toralf Niebuhr wrote:
>> I have multiple clients in my network and a server with
>> dhcp, shorewall, ....
>> I wanted the server to be a really tight firewall.
>>
>> so I created this /etc/shorewall/policy file
>>
>> loc net DROP
>> loc loc ACCEPT
>> loc fw ACCEPT
>> fw all ACCEPT
>> net all DROP
>> all all REJECT
>
> You do realize that this is really not a tight firewall. Giving your
> whole local network access to anything on the firewall is not a good
> idea. Also, for a 'tight' system, I would restrict outgoing requests
> from the firewall, at least to the net. And why do you have a 'loc loc
> ACCEPT' policy? Wouldn't that be only needed for bridges?
>
> You might be ok with your current setup, and I don't mean to
> criticize, but please don't call it tight :-)
>
> ~David

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
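The points raised in the quoted reply (blanket loc to fw access, unrestricted traffic from the firewall, and the intra-zone loc loc policy) can be checked mechanically over the policy file from this thread. This is an added example, not part of the original messages or of Shorewall itself; the function names and the wording of the findings are assumptions, and only the SOURCE, DEST and POLICY columns are modelled.

```python
# Added example: lint a Shorewall policy file for the points raised in the thread.
# Assumption: only the SOURCE, DEST and POLICY columns are parsed, the first
# matching line decides, and "all" matches any zone (a simplified model).

POLICY_FROM_THREAD = """\
loc net DROP
loc loc ACCEPT
loc fw ACCEPT
fw all ACCEPT
net all DROP
all all REJECT
"""

def parse_policy(text):
    """Return a list of (source, dest, policy) tuples, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2].upper()))
    return entries

def effective_policy(entries, src, dst):
    """First entry whose source and dest match (literally or via 'all')."""
    for s, d, policy in entries:
        if s in (src, "all") and d in (dst, "all"):
            return policy
    return None

def lint(entries, fw_zone="fw"):
    """Flag blanket ACCEPT policies that per-service rules would replace."""
    findings = []
    for s, d, policy in entries:
        if policy != "ACCEPT":
            continue
        if s == d:
            findings.append(f"{s} {d}: intra-zone ACCEPT policy")
        elif d == fw_zone:
            findings.append(f"{s} {d}: every service on the firewall is reachable from {s}")
        elif s == fw_zone:
            findings.append(f"{s} {d}: outgoing traffic from the firewall is unrestricted")
    return findings

if __name__ == "__main__":
    entries = parse_policy(POLICY_FROM_THREAD)
    for finding in lint(entries):
        print("WARN", finding)
    for pair in [("loc", "net"), ("loc", "fw"), ("fw", "net"), ("net", "fw")]:
        print(pair, "->", effective_policy(entries, *pair))
```

Clearing the findings means changing the flagged policies to DROP or REJECT and allowing the needed services individually in /etc/shorewall/rules.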
