On 18/07/12 07:14, Ruiyuan Jiang wrote:
> Hi, Paul
>
> Sorry I did not include the content of policy file. In the policy
> file, it has:
>
> #SOURCE DEST POLICY LOG LEVEL LIMIT: CONNLIMIT:
>
> $FW net ACCEPT
> Net all DROP info
> All all DROP info

That matches exactly what you're seeing in your 'shorewall show policies'
output, which is expected.

>> From the doc, is it supposed that rules file first then policy
>> file?

Yes, but 'shorewall show policies' only shows you what you already know
you have configured through the policy file. It will have no effect on
the ssh ACCEPT rule you have configured from corp2fw. (Use 'shorewall
show corp2fw' to see this - you'll see a RELATED,ESTABLISHED rule first,
then the ssh rule, then a chain to the policy.)

Paul

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
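
Added example, not part of the original message and not Shorewall code: a small Python model of the chain order described in the reply above (state match first, then rules-file entries, then the policy). The policy lines are copied from the quoted file; the tcp/22 rule, the sample packets, the zone names `corp` and `$FW` read off the chain name corp2fw, and the case-insensitive zone matching are assumptions made for the model.

```python
# Toy model of the order described for 'shorewall show corp2fw':
# 1) RELATED,ESTABLISHED  2) rules-file entries  3) jump to the policy.
# Policy lines come from the quoted file; rule and packets are constructed.
POLICY_FILE = """\
#SOURCE DEST POLICY LOG LEVEL
$FW net ACCEPT
Net all DROP info
All all DROP info
"""

def parse_policy(text):
    """Return [(source, dest, policy, log_level_or_None), ...] in file order."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 3:
            log = fields[3] if len(fields) > 3 else None
            entries.append((fields[0], fields[1], fields[2], log))
    return entries

def zone_matches(pattern, zone):
    # Assumption: compare case-insensitively and treat "all" as a wildcard.
    return pattern.lower() in ("all", zone.lower())

def policy_for(entries, src, dst):
    """First matching policy line wins."""
    for p_src, p_dst, action, log in entries:
        if zone_matches(p_src, src) and zone_matches(p_dst, dst):
            return action, log
    raise LookupError(f"no policy for {src} -> {dst}")

def evaluate(packet, rules, entries, src="corp", dst="$FW"):
    """Walk the zone-pair chain in order; return (verdict, decided_by)."""
    if packet["state"] in ("RELATED", "ESTABLISHED"):
        return "ACCEPT", "state"
    for action, proto, dport in rules:
        if (packet["proto"], packet["dport"]) == (proto, dport):
            return action, "rule"
    action, log = policy_for(entries, src, dst)  # reached only if no rule matched
    return action, f"policy (log {log})" if log else "policy"

RULES = [("ACCEPT", "tcp", 22)]  # constructed stand-in for the ssh ACCEPT rule
POLICIES = parse_policy(POLICY_FILE)

if __name__ == "__main__":
    for state, dport in (("NEW", 22), ("ESTABLISHED", 40000), ("NEW", 80)):
        pkt = {"state": state, "proto": "tcp", "dport": dport}
        print(pkt, "->", evaluate(pkt, RULES, POLICIES))
```
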
