Robert Moskowitz wrote: > Tom Eastep wrote: >> Robert Moskowitz wrote: >> >>> I am looking at: http://www.shorewall.net/samba.htm >>> >>> This is obviously the old format: >>> >> No -- that is currently-accepted format. >> > > As I read the macro docs it seems the current format is: > > SMB(ACCEPT) $FW loc > > though the SMB/ACCEPT is still accepted. > >>> SMB/ACCEPT $FW loc >>> SMB/ACCEPT loc $FW >>> >>> Would the proper format be: >>> >>> ACCEPT $FW loc SMB >>> ACCEPT loc $FW SMB >>> >>> ? >>> >> No. >> >> 'SMB' is a macro -- see http://www.shorewall.net/Macros.html >> >> >>> And what protocols/ports are covered by SMB? Thus is it really: >>> >>> >> As with any standard macro, you can see what it does by examining the >> corresponding macro definition file in /usr/share/shorewall/. > > It would be nice to document all the macros instead of having to cat > each. Most are just a one liner.
We will look forward to your contribution -- thanks! > > Speaking of that, I see a lot of examples where the port is not a number > but a name (directly from the rules docs): > > Accept SMTP requests from the DMZ to the internet > > #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL > # PORT PORT(S) DEST > ACCEPT dmz net tcp smtp > > > Is this also a macro form or just an alternative method. If the later > is there a document giving the names to number mappings allowed? The correspondence between service names and port numbers is normally determined by the file /etc/services but can be changed by modifying /etc/nsswitch.conf. This is a standard Unix facility and is independent of Shorewall; Shorewall-perl simply uses that facility to do the name->port mapping. See http://www.shorewall.net/configuration_file_basics.htm#Ports -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
