Hello,

I use shorewall on Debian Linux, Lenny and Squeeze. On the machine with the 
firewall I have to stop shorewall to use "aptitude update" or "aptitude 
install".
If shorewall runs I cannot use aptitude on the firewall, but I can use aptitude 
on the other machines which use the same firewall.

Is there a special rule and a macro to allow the use of aptitude on the 
firewall?

My rules look like this:
ACCEPT          net             $FW             tcp     52022
SMTP/ACCEPT     net             loc:192.168.1.2
SMTP/ACCEPT     loc:192.168.1.2 net

SMTPS/ACCEPT    net             loc:192.168.1.2
SMTPS/ACCEPT    loc:192.168.1.2 net
HTTP/ACCEPT     net             $FW
HTTP/ACCEPT     $FW             net
HTTP/ACCEPT     net             loc:192.168.1.4 tcp     80
HTTP/ACCEPT     loc:192.168.1.4 net             tcp     80
HTTP/ACCEPT     net             loc:192.168.1.5 tcp     80
HTTP/ACCEPT     loc:192.168.1.5 net             tcp     80
HTTP/ACCEPT     net             loc:192.168.1.5 tcp     8088
HTTP/ACCEPT     loc:192.168.1.5 net             tcp     8088
HTTPS/ACCEPT    net             $FW
HTTPS/ACCEPT    $FW             net
Webmin/ACCEPT   net             $FW
Webmin/ACCEPT   net             loc:192.168.1.3
Webmin/ACCEPT   loc:192.168.1.3 net
IMAP/ACCEPT     net             loc:192.168.1.2
IMAP/ACCEPT     loc:192.168.1.2 net

IMAPS/ACCEPT    net             loc:192.168.1.2
IMAPS/ACCEPT    loc:192.168.1.2 net
POP3/ACCEPT     net             loc:192.168.1.2
POP3/ACCEPT     loc:192.168.1.2 net
POP3S/ACCEPT    net             loc:192.168.1.2
POP3S/ACCEPT    loc:192.168.1.2 net
SSH/ACCEPT      net             $FW
SSH/ACCEPT      $FW             net
SSH/ACCEPT      loc             net
SSH/ACCEPT      net             loc
SSH/ACCEPT      loc             $FW
SSH/ACCEPT      $FW             loc

AllowICMPs/ACCEPT       net     $FW
AllowICMPs/ACCEPT       loc     net
Ping/ACCEPT     net             $FW
Ping/ACCEPT     $FW             net
Ping/ACCEPT     loc             $FW
Ping/ACCEPT     $FW             loc
Ping/ACCEPT     loc             net
Ping/ACCEPT     net             loc
FTP/ACCEPT      net             loc
FTP/ACCEPT      loc             net

FTP/ACCEPT      net             $FW
FTP/ACCEPT      $FW             net
DNS/ACCEPT      net             $FW
DNS/ACCEPT      $FW             net
DNS/ACCEPT      loc             $FW
DNS/ACCEPT      $FW             loc
OpenVPN/ACCEPT  net             $FW
OpenVPN/ACCEPT  $FW             net

Thanks for your help,

Andreas

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
