Hi! I have decent experience with a self-made iptables script for my 3-legged firewall.
Now I'm trying shorewall (3.2.6 on Debian stable) for my web server in the DMZ and I have these questions.

1. How does the iptables default policy of built-in chains (iptables -P) affect shorewall behaviour?

2. Why is the default policy of built-in chains for the stopped state ACCEPT instead of DROP/REJECT for extra security, and hardcoded in shorewall? Can I configure the default policy of built-in chains for the running and stopped shorewall states respectively?

The "start" script with the lines

    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

works well, but the "stopped" script with the same lines doesn't work for me (policies are still ACCEPT after "shorewall stop").

Thanks!
