Reviewing the manpages, I see the error in my /etc/shorewall/policy file... I originally defined the first two rules as shown below to allow communication with my network. I added the 'reject all' rule to prevent all other communication requests. I should set all policies below to reject. Then I can define my connections explicitly via the rules.
    #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
    $FW       dmz    ACCEPT
    dmz       $FW    ACCEPT   info
    # The FOLLOWING POLICY MUST BE LAST
    all       all    REJECT   info
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Regarding the site I tried to ping as a test: db.local.clamav.net

This is one site I would want to connect to in order to get updates for clamav.

-----Original Message-----
From: Götz Reinicke - IT-Koordinator [mailto:[email protected]]
Sent: Wednesday, June 16, 2010 7:10 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] shorewall rules

Hi,

On 16.06.10 11:55, Derek Lewis wrote:
> Here are my current shorewall policies and rules. I intended to allow
> traffic through to the firewall explicitly via ip address and port #
> though I think my rules are flawed. I can still ping an external
> address which I thought required port 80 to open and an ACCEPT action
> for the address in question.

If you like to handle and control all traffic by rules, then you should not allow anything by default/policy ...

ping is not using port 80 (with udp or tcp) ... it is using icmp.

http://en.wikipedia.org/wiki/Ping and http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

From which host do you try to ping which host?

<...>

/Götz

--
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail [email protected]

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board: Prof. Dr. Claudia Hübner
Managing Director: Prof. Thomas Schadt
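Added example, not part of either message and not Shorewall's own code: a small checker that reads the policy file quoted in the thread and reports which policy applies to a zone pair when no rule matches, and which entries still accept traffic by default. It assumes the simplified model that the first entry matching SOURCE and DEST (with `all` as a wildcard) decides; the zone name `net` is hypothetical.

```python
# Constructed from the policy file quoted in the thread above.
POLICY = """\
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
$FW dmz ACCEPT
dmz $FW ACCEPT info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
"""


def parse_policy(text):
    """Return (source, dest, policy, log_level) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) < 3:
            raise ValueError(f"entry needs SOURCE DEST POLICY: {raw!r}")
        log = cols[3] if len(cols) > 3 and cols[3] != "-" else None
        entries.append((cols[0], cols[1], cols[2].upper(), log))
    return entries


def effective_policy(entries, src, dest):
    """Policy used when no rule matches: the first matching entry wins."""
    for e_src, e_dest, policy, _log in entries:
        if e_src in (src, "all") and e_dest in (dest, "all"):
            return policy
    return None


def accept_entries(entries):
    """Entries that pass traffic without any explicit rule being needed."""
    return [(s, d, p) for s, d, p, _log in entries if p == "ACCEPT"]


if __name__ == "__main__":
    entries = parse_policy(POLICY)
    # ("dmz", "net") uses a hypothetical zone to show the catch-all entry.
    for pair in [("$FW", "dmz"), ("dmz", "$FW"), ("dmz", "net")]:
        print(pair, "->", effective_policy(entries, *pair))
    for s, d, p in accept_entries(entries):
        print(f"accepted by policy, no rule required: {s} -> {d}")
```

With the two ACCEPT entries in place, any protocol between the firewall and the dmz zone, ICMP included, is allowed before the rules file is ever consulted.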
