On 18/07/12 01:52, Ruiyuan Jiang wrote:
> Hi,
>
> I am new to shorewall and I am trying to set up shorewall (v4.5.5.4) on a
> Redhat host to protect itself. As a test, I would set up a policy to allow
> corporate hosts to access the Redhat through ssh, not from the rest. From the
> host, it can initiate all the traffic out.
>
> I modified hosts, zones and rules files in /etc/shorewall:
> ...
> After I started shorewall, I noticed that the policy is "DROP" not "ACCEPT"
> from corp to fw. Why? Thanks.
>
> [root@dmz1 shorewall]# shorewall show policies
> Shorewall 4.5.5.4 Policies at dmz1.corp.com - Tue Jul 17 11:47:54 EDT 2012
>
> fw => net ACCEPT using chain fw2net
> fw => corp DROP using chain fw2corp
> net => fw DROP using chain net2fw
> net => corp DROP using chain net2corp
> corp => fw DROP using chain corp2fw
> corp => net DROP using chain corp2net
> [root@njdmzrp1 shorewall]#
Hi Ruiyuan,

Shorewall won't start without a policy covering each interface combination, so you must also have something relevant in the policies file - what is it?

I think you may be misunderstanding the policies and rules distinction. It might be worth reviewing the information about them in http://shorewall.net/Introduction.html#Concepts

Regards,
Paul

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
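To illustrate the policy/rules distinction Paul points to, here is a minimal /etc/shorewall layout for the setup the original poster describes (corporate hosts may ssh in, nothing else may reach the box, the box may initiate anything). This is an added example, not the poster's actual configuration and not taken from the Shorewall project; the interface name eth0 and the corporate address range 10.0.0.0/8 are assumptions.

```conf
# /etc/shorewall/zones
# Assumption: corp and net both arrive on the same NIC. corp is listed before
# net so that a packet from a corporate address is classified as corp first.
#ZONE   TYPE
fw      firewall
corp    ipv4
net     ipv4

# /etc/shorewall/interfaces  (assumption: the host has a single NIC, eth0)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect

# /etc/shorewall/hosts  (assumption: corporate hosts live in 10.0.0.0/8)
#ZONE   HOST(S)             OPTIONS
corp    eth0:10.0.0.0/8

# /etc/shorewall/policy
# A policy is the default for a zone pair and is applied only after no rule
# matched. Every zone pair needs one; the final "all all" line covers any pair
# not listed above it.
#SOURCE DEST    POLICY  LOG LEVEL
$FW     all     ACCEPT              # the host may initiate anything outbound
all     all     DROP    info        # everything else, corp->fw included, defaults to DROP

# /etc/shorewall/rules
# Rules are exceptions evaluated before the policy. The SSH macro expands to
# tcp port 22, so this is the only traffic corp may send to the firewall.
#ACTION         SOURCE  DEST    PROTO   DEST PORT(S)
SSH(ACCEPT)     corp    $FW
```

With this layout, `shorewall check` should pass and `shorewall show policies` will still report `corp => fw DROP using chain corp2fw`: that is correct, because the ssh allowance lives in the rules (an ACCEPT entry in the corp2fw chain), not in the policy. Changing the corp-to-fw policy to ACCEPT instead of adding a rule would open every port on the host to the corporate range, which is not what the poster asked for.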
