Tom Allison wrote:
> Isn't the following redundant:
>
> net $FW DROP info
> net loc DROP info
> net all DROP info
>
>
> in that the last rule (net all) will DROP everything and therefore the
> only additional input for this interaction would be under rules.
>
> similarly
>
> loc net ACCEPT
> loc $FW REJECT
> loc all REJECT
>
> doesn't require the "loc $FW REJECT" line for the same reasons.
>
> True?

See "Logging tips" at http://linuxman.wikispaces.com/PPPPPPS. From a policy point of view, these policies are redundant but when using Shorewall-shell, they make the log messages easier to understand.

>
> Another question:
> I initially tried setting up my interfaces such that:
>
> net eth1 detect dhcp...
> loc eth0 detect dhcp...
>
> but no DHCP entry in rules. I got a lot of blocked UDP port 53 traffic.

UDP port 53 is DNS, not DHCP.
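
The redundancy discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages and not Shorewall's own code: it assumes a policy file with SOURCE, DEST, POLICY and optional LOG columns evaluated first-match, and the function names are hypothetical.

```python
# Added example: first-match redundancy check. Sample lines are constructed from this thread.
SAMPLE_POLICY = """\
#SOURCE  DEST  POLICY  LOG
net      $FW   DROP    info
net      loc   DROP    info
net      all   DROP    info
loc      net   ACCEPT
loc      $FW   REJECT
loc      all   REJECT
"""

def parse_policy(text):
    """Return (source, dest, policy, loglevel) tuples in file order."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) < 3:
            raise ValueError(f"malformed policy line: {line!r}")
        log = cols[3] if len(cols) > 3 and cols[3] != "-" else None
        entries.append((cols[0], cols[1], cols[2], log))
    return entries

def covers(pattern, zone):
    """A policy column matches a zone if it names it or is the 'all' wildcard."""
    return pattern == "all" or pattern == zone

def redundant_policies(entries):
    """List specific policies whose removal would not change the verdict.

    An entry is redundant when the next later entry covering the same
    source/dest pair has the same policy and the same log level.
    """
    found = []
    for i, (src, dst, pol, log) in enumerate(entries):
        if "all" in (src, dst):
            continue                      # only test fully specific pairs
        for src2, dst2, pol2, log2 in entries[i + 1:]:
            if covers(src2, src) and covers(dst2, dst):
                if (pol2, log2) == (pol, log):
                    found.append((src, dst, f"{src2} {dst2}"))
                break                     # only the first later match decides
    return found

if __name__ == "__main__":
    for src, dst, by in redundant_policies(parse_policy(SAMPLE_POLICY)):
        print(f"{src} -> {dst} is already covered by '{by}'")
```

A policy flagged here changes nothing about which packets are dropped or rejected; whether to keep it for more readable log messages is the trade-off described in the reply above.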
