Mike Purnell wrote:
> My first encounter with shorewall months ago resulted in failure to get
> it working. I resorted to doing iptables rules directly. I'm back for
> more and beating my head against the same issue. I am following
> instructions here: <http://www.shorewall.net/two-interface.htm>
>
> I have a webserver/firewall sitting on a single, public IP. My issue is
> that when I start shorewall, I receive the error message "ERROR: Only
> one firewall zone may be defined" unless I delete (or comment out) my
> firewall zone in /etc/shorewall/zones like this:
>
> #fw firewall
> loc ipv4
> net ipv4
>
> These are the ONLY zones defined.

You are following the Shorewall 4.0 instructions but are running some
earlier version with the shorewall.conf file not matching the version of
Shorewall. The shorewall.conf file you are using either has
IPSECFILE=ipsec, IPSECFILE=, or doesn't contain an IPSECFILE
specification. It should contain IPSECFILE=zone. It may also contain an
explicit setting for FW (e.g., FW=fw). That should also be removed.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
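
The check described in the reply above, as an added example that is not part of the original thread or of Shorewall itself: it flags the shorewall.conf states the reply names (IPSECFILE set to ipsec, empty, or absent, and an explicit FW setting). The function names `conf_value` and `check_shorewall_conf` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the shorewall.conf states named in the reply.
# Function names and the sample config are hypothetical/constructed.

# Print the value of the last uncommented NAME=value line in FILE.
# Exit status 1 if NAME is never assigned (an empty value still counts).
conf_value() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                      # drop comments
        match($0, "^[ \t]*" name "=") {
            val = substr($0, RLENGTH + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)  # trim blanks and quotes
            found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$2"
}

# Report each condition from the reply; return 1 if any was found.
check_shorewall_conf() {
    conf=$1 findings=0
    if ! ipsecfile=$(conf_value IPSECFILE "$conf"); then
        echo "IPSECFILE: not specified"; findings=1
    elif [ -z "$ipsecfile" ]; then
        echo "IPSECFILE: empty"; findings=1
    elif [ "$ipsecfile" = ipsec ]; then
        echo "IPSECFILE: set to ipsec"; findings=1
    fi
    if fw=$(conf_value FW "$conf"); then
        echo "FW: explicit setting (FW=$fw) should be removed"; findings=1
    fi
    return "$findings"
}

# Constructed sample of a shorewall.conf carried over from an older setup.
sample=$(mktemp)
cat > "$sample" <<'EOF'
STARTUP_ENABLED=Yes
FW=fw
IPSECFILE=ipsec   # old setting
EOF
check_shorewall_conf "$sample" || true
rm -f "$sample"
```

Point it at the real file with `check_shorewall_conf /etc/shorewall/shorewall.conf`; no output and exit status 0 mean none of the conditions from the reply were found.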