> > On my router I have the following policy:
> >
> > loc net ACCEPT
> > loc $FW ACCEPT
> > loc all REJECT
> > $FW net ACCEPT
> > $FW loc REJECT
> > $FW all REJECT
> > net $FW DROP
> > net loc DROP
> > net all DROP
> > all all REJECT
> >
> > and the following rules:
> >
> > DNAT net loc:192.168.0.3 tcp 50000
> > DNAT net loc:192.168.0.3 udp 50000
> > ACCEPT $FW loc icmp
> > ACCEPT $FW net icmp
> >
> > And yet I'm able to ssh from a machine on the local network to the
> > router via the external IP address. Does the router still know that
> > I'm coming from the inside and thus allow it?
>
> Of course -- would you really want to use a firewall that was so easily
> outwitted?
Ok, sounds like no cause for alarm.

> > Also a bittorrent client works on 192.168.0.3 even though I'm
> > forwarding a different port than the one the client is set to listen
> > on. How can that be?
>
> While I don't use bittorrent myself, IIRC the client will somewhat work
> with incoming connections blocked.

But how can it possibly do that?

- Grant

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
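Why the "of course" holds, as an added illustration (this is not code from the thread or from Shorewall): Shorewall assigns the source zone from the interface a packet arrives on, not from the address the client dialed, so a LAN host that connects to the router's external address is still in loc and hits the "loc $FW ACCEPT" policy, while the same ssh from the Internet side arrives on the net interface and falls to "net $FW DROP". The toy evaluator below replays the quoted policy and rules over a few constructed packets; the interface names (eth0 = net, eth1 = loc), the router addresses 203.0.113.5 and 192.168.0.1, and the sample hosts 192.168.0.10 and 198.51.100.7 are assumptions for the example.

```python
"""Toy model of Shorewall's verdict for the policy and rules quoted above.
Added example, not Shorewall code. Interface names, addresses and sample
packets are constructed for the illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Assumed layout: eth0 faces the Internet (net), eth1 faces the LAN (loc).
IFACE_ZONE = {"eth0": "net", "eth1": "loc"}
# Assumed router addresses: external and internal (documentation ranges).
FW_ADDRS = {ip_address("203.0.113.5"), ip_address("192.168.0.1")}
LOC_NETS = [ip_network("192.168.0.0/24")]

# Policy from the post, in the order given; first match wins.
POLICY = [
    ("loc", "net", "ACCEPT"), ("loc", "$FW", "ACCEPT"), ("loc", "all", "REJECT"),
    ("$FW", "net", "ACCEPT"), ("$FW", "loc", "REJECT"), ("$FW", "all", "REJECT"),
    ("net", "$FW", "DROP"), ("net", "loc", "DROP"), ("net", "all", "DROP"),
    ("all", "all", "REJECT"),
]
# Rules from the post: (ACTION, SOURCE, DEST, PROTO, DPORT); consulted before policies.
RULES = [
    ("DNAT", "net", "loc:192.168.0.3", "tcp", 50000),
    ("DNAT", "net", "loc:192.168.0.3", "udp", 50000),
    ("ACCEPT", "$FW", "loc", "icmp", None),
    ("ACCEPT", "$FW", "net", "icmp", None),
]


@dataclass
class Packet:
    in_iface: Optional[str]   # None: generated by the router itself ($FW)
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def src_zone(pkt: Packet) -> str:
    """Source zone comes from the ingress interface, never from an address."""
    return "$FW" if pkt.in_iface is None else IFACE_ZONE[pkt.in_iface]


def dst_zone(dst: str) -> str:
    """Destination zone comes from the (possibly DNATed) destination address."""
    addr = ip_address(dst)
    if addr in FW_ADDRS:
        return "$FW"
    if any(addr in net for net in LOC_NETS):
        return "loc"
    return "net"


def zone_match(wanted: str, actual: str) -> bool:
    return wanted == "all" or wanted == actual


def evaluate(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, final destination address) for one packet."""
    sz = src_zone(pkt)
    for action, s, d, proto, dport in RULES:
        if not (zone_match(s, sz) and proto == pkt.proto
                and (dport is None or dport == pkt.dport)):
            continue
        if action == "DNAT":
            # DNAT rewrites the destination before routing and admits the
            # forwarded flow, but only for the SOURCE zone the rule names.
            return "ACCEPT", d.split(":", 1)[1]
        if zone_match(d, dst_zone(pkt.dst)):
            return action, pkt.dst
    dz = dst_zone(pkt.dst)
    for s, d, action in POLICY:
        if zone_match(s, sz) and zone_match(d, dz):
            return action, pkt.dst
    return "DROP", pkt.dst   # not reached: "all all REJECT" catches everything


if __name__ == "__main__":
    samples = [
        ("LAN host ssh to external IP", Packet("eth1", "192.168.0.10", "203.0.113.5", "tcp", 22)),
        ("Internet host ssh to external IP", Packet("eth0", "198.51.100.7", "203.0.113.5", "tcp", 22)),
        ("Internet host to forwarded port", Packet("eth0", "198.51.100.7", "203.0.113.5", "tcp", 50000)),
        ("LAN host to forwarded port via ext IP", Packet("eth1", "192.168.0.10", "203.0.113.5", "tcp", 50000)),
        ("Router pings LAN host", Packet(None, "192.168.0.1", "192.168.0.3", "icmp")),
    ]
    for label, pkt in samples:
        verdict, final_dst = evaluate(pkt)
        print(f"{label:40s} {src_zone(pkt):>4} -> {dst_zone(final_dst):<4} {verdict} (to {final_dst})")
```

The fourth sample is the caveat worth noticing: in this model a LAN host that hits port 50000 on the external address is accepted, but it lands on the router itself, because the DNAT rule names only net as its source and so never rewrites the destination for loc traffic; reaching the forwarded host through the external address from inside would need a separate DNAT rule with loc as the source.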
