On 12/28/2011 02:16 AM, mike lan wrote:
> Hello
> I would like to set up shorewall for some ports only (i.e. allow to surf
> the net http and https and access ftp only and nothing else)
>
> I've used the one interface firewall example with a policy file:
> #SOURCE  DEST  POLICY  LOG LEVEL  LIMIT:BURST
> $FW      net   ACCEPT  info
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> net      all   DROP    info
> # The FOLLOWING POLICY MUST BE LAST
> all      all   REJECT  info
>
>
> and on the rules file:
> ACCEPT  $FW  net  icmp
> ACCEPT  $FW  net  tcp  http,https,ftp
>
>
> restarted shorewall
> But I've noticed that I can still send packets on other ports than those
> specified in the rules. ex: running transmission for instance
>
> thanks for taking time to reply
>
The highlighted line there sets the default policy for outgoing traffic to ACCEPT. When your ACCEPT rules aren't matched, outgoing traffic uses that default. Change that ACCEPT to a REJECT or maybe a DROP if you prefer, and it should work as expected.

-- 
J. Randall Owens | http://www.ghiapet.net/
ProofReading Markup Language | http://www.prml.org/

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
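The evaluation order behind that answer, as an added example that is not part of the thread or of Shorewall itself: Shorewall consults the rules file first (first match wins) and falls back to the policy for the source/destination zone pair only when no rule matches, so with `$FW net ACCEPT` as the policy the rules never get a chance to say no. The toy evaluator below models just that ordering over the two config files from the question (reproduced here as constructed input; the LOG LEVEL column is ignored). The flows it checks are assumptions for illustration: 51413/tcp as Transmission's default peer port, and 53/udp for DNS. The DNS line is the caveat that comes with the fix: once the outgoing default is REJECT, anything the rules file does not list, including the firewall's own DNS lookups, is rejected too, so the rules list has to be complete.

```python
"""Toy model of Shorewall's rule-then-policy evaluation order.
Added example, not Shorewall's own code; it reads the two files from the
thread as constructed inline text and does no real packet filtering."""

# Service names that appear in the rules file, mapped to port numbers.
SERVICE_PORTS = {"http": 80, "https": 443, "ftp": 21, "domain": 53}

# Policy file as posted (outgoing default ACCEPT) and the corrected version.
ORIGINAL_POLICY = """
#SOURCE DEST    POLICY  LOG LEVEL
$FW     net     ACCEPT  info
net     all     DROP    info
all     all     REJECT  info
"""

FIXED_POLICY = """
#SOURCE DEST    POLICY  LOG LEVEL
$FW     net     REJECT  info
net     all     DROP    info
all     all     REJECT  info
"""

# Rules file as posted; consulted before the policy file.
RULES = """
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  $FW     net     icmp
ACCEPT  $FW     net     tcp     http,https,ftp
"""


def _fields(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def _port(token):
    """Resolve a service name or numeric port to an integer."""
    return SERVICE_PORTS[token] if token in SERVICE_PORTS else int(token)


def parse_policies(text):
    """Return [(source, dest, action)] in file order; LOG LEVEL is dropped."""
    return [(f[0], f[1], f[2]) for f in _fields(text)]


def parse_rules(text):
    """Return [(action, source, dest, proto, ports)]; empty ports = any port."""
    rules = []
    for f in _fields(text):
        action, source, dest, proto = f[:4]
        ports = frozenset()
        if len(f) > 4 and f[4] != "-":
            ports = frozenset(_port(p) for p in f[4].split(","))
        rules.append((action, source, dest, proto, ports))
    return rules


def _zone_match(pattern, zone):
    """'all' in a rule or policy matches every zone."""
    return pattern == "all" or pattern == zone


def decide(src_zone, dst_zone, proto, dport, rules, policies):
    """Action taken for a new connection src->dst on proto/dport:
    first matching rule wins; otherwise the first matching policy."""
    for action, source, dest, rproto, ports in rules:
        if (_zone_match(source, src_zone) and _zone_match(dest, dst_zone)
                and rproto in (proto, "all")
                and (not ports or dport in ports)):
            return action
    for source, dest, action in policies:
        if _zone_match(source, src_zone) and _zone_match(dest, dst_zone):
            return action
    raise ValueError("no policy covers %s -> %s" % (src_zone, dst_zone))


def outbound_decisions(policy_text):
    """Decisions for a few $FW->net flows under the given policy file.
    Ports are assumptions for illustration (51413 = Transmission peer port)."""
    rules, policies = parse_rules(RULES), parse_policies(policy_text)
    flows = {"https": ("tcp", 443), "transmission": ("tcp", 51413),
             "dns": ("udp", 53)}
    return {name: decide("$FW", "net", proto, port, rules, policies)
            for name, (proto, port) in flows.items()}


if __name__ == "__main__":
    print("original policy:", outbound_decisions(ORIGINAL_POLICY))
    print("fixed policy:   ", outbound_decisions(FIXED_POLICY))
```

With the original policy file every $FW->net flow ends in ACCEPT whether or not a rule matched it; with `$FW net REJECT` only the listed services pass, and the DNS entry shows the rule that still needs adding before browsing by hostname works.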
