Thank you, I checked my connectivity with ping, webmin and Samba shares. I can reach the network and external ip addresses fine, though I am not sure my rules are working as expected.
I will post them to the mailing list.

-----Original Message-----
From: Götz Reinicke - IT-Koordinator [mailto:[email protected]]
Sent: Tuesday, June 15, 2010 2:23 AM
To: [email protected]
Subject: Re: [Shorewall-users] shorewall rules

On 15.06.10 10:48, Derek Lewis wrote:
> I am setting up a server with Ubuntu 10.04 with Shorewall v4.4.8.4 to
> control access.
>
> I have successfully implemented rules for accepting traffic between the
> firewall and the rest of the world.
>
> The final modification I wanted to make is to reject all traffic not
> explicitly allowed by the rules I have created. When I add a reject rule
> between the external network and the firewall, I can no longer connect
> to the machine.
>
> Checking the logs I don't see any errors during startup of shorewall. I
> have searched via Google though have not found a solution.
>
> I can supply details of my policies and rules as needed.

Hi,

that would help. Look at http://www.shorewall.net/support.htm#Guidelines too.

As far as I remember, use the /etc/shorewall/policy file to deny/reject all traffic by default, and you use /etc/shorewall/rules to allow.

Allow all from local lan to the dmz and http(s) and ftp to the internet:

E.g.:

policy file:

    ...
    loc dmz ACCEPT
    ...
    all all REJECT info

rule file:

    ...
    ACCEPT loc net tcp http,https,ftp
    ...

Regards. Götz

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail [email protected]
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board: Prof. Dr. Claudia Hübner
Managing Director: Prof. Thomas Schadt
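An added example, not part of the original thread and not Shorewall's own code: a simplified Python model of the rules-then-policy lookup, showing how a catch-all REJECT behaves when written as a rule versus as the default policy recommended in the reply. The zone name `fw`, the sample files and the `SERVICES` table are constructed assumptions.

```python
# Added illustration, not Shorewall code. Simplified model (assumption): only the
# ACTION, SOURCE, DEST, PROTO and DEST PORT(S) columns are read; macros, port
# ranges, logging and rule sections are ignored.
SERVICES = {"ftp": 21, "ssh": 22, "http": 80, "https": 443}  # constructed subset

def parse(text):
    """Split a Shorewall-style file into column lists, dropping comments."""
    rows = [line.split("#", 1)[0].split() for line in text.splitlines()]
    return [row for row in rows if row]

def zone_match(pattern, zone):
    return pattern in ("all", zone)

def port_match(spec, port):
    """'-' means any port; otherwise a comma list of numbers or service names."""
    if spec == "-":
        return True
    wanted = {int(p) if p.isdigit() else SERVICES.get(p) for p in spec.split(",")}
    return port in wanted

def decide(rules, policy, src, dst, proto, port):
    """Return (action, origin): first matching rule wins, else first matching policy."""
    for row in rules:
        action, rsrc, rdst, rproto, rports = (row + ["-", "-"])[:5]
        if (zone_match(rsrc, src) and zone_match(rdst, dst)
                and rproto in ("-", "all", proto) and port_match(rports, port)):
            return action, "rule"
    for psrc, pdst, action, *_ in policy:
        if zone_match(psrc, src) and zone_match(pdst, dst):
            return action, "policy"
    return None, "unmatched"

# Constructed sample files.
POLICY = parse("""
all  all  REJECT  info          # default, as in the reply above
""")
REJECT_AS_RULE = parse("""
REJECT  net  fw                 # catch-all placed in the rules file
ACCEPT  net  fw  tcp  ssh,http  # never reached: the line above matches first
""")
REJECT_AS_POLICY = parse("""
ACCEPT  net  fw  tcp  ssh,http
""")

if __name__ == "__main__":
    for name, rules in (("rule", REJECT_AS_RULE), ("policy", REJECT_AS_POLICY)):
        for port in (22, 23):
            print(name, port, decide(rules, POLICY, "net", "fw", "tcp", port))
```
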
