Hi, 

I am new to Shorewall and I am trying to set up Shorewall (v4.5.5.4) on a Red Hat
host to protect itself. As a test, I would set up a policy to allow corporate
hosts to access the Red Hat host through ssh, but not the rest. From the host, it
can initiate all the traffic out.

I modified hosts, zones and rules files in /etc/shorewall:

# cat hosts
#ZONE           HOST(S)         OPTIONS
Corp            eth0:10.0.0.0/8 

# cat zones
#ZONE   TYPE            OPTIONS         IN OPTIONS              OUT OPTIONS
#
Fw      firewall
Net     ipv4
Corp    ipv4

# cat rules
SECTION NEW

SSH(ACCEPT)             corp            $FW
SSH(DROP)               net             $FW

After I started shorewall, I noticed that the policy is "DROP" not "ACCEPT" 
from corp to fw. Why? Thanks.

[root@dmz1 shorewall]# shorewall show policies
Shorewall 4.5.5.4 Policies at dmz1.corp.com - Tue Jul 17 11:47:54 EDT 2012

fw      =>      net     ACCEPT using chain fw2net
fw      =>      corp    DROP using chain fw2corp
net     =>      fw      DROP using chain net2fw
net     =>      corp    DROP using chain net2corp
corp    =>      fw      DROP using chain corp2fw
corp    =>      net     DROP using chain corp2net
[root@njdmzrp1 shorewall]#


Ryan Jiang





_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
