On 08/17/2012 10:14 AM, [email protected] wrote:
>
> Just a point of order here, and I'm sure I'm misinterpreting this, but it 
> looks like my firewall is wide open.  I'd understood that the first matching 
> rule it comes to, it accepts for a given packet.
>
> Is it the policy DROP that's calling the shots for each chain??

No -- the problem is that a bare 'iptables -L' command gives you 
completely useless output. Try

        shorewall show

instead. That uses 'iptables -L -n -v' which is the only way to see what 
your ruleset is really doing.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
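
What the bare listing hides, as an added example that is not part of the original message: with `-v` the `in` and `out` interface columns appear, so a rule that bare `iptables -L` prints as `ACCEPT all -- anywhere anywhere` may in fact match only `lo`. The script runs over a constructed sample of `iptables -L -n -v` output; the function names and the OPEN / IFACE-ONLY labels are illustrative, and it assumes every rule has a target.

```shell
#!/bin/sh
# Added example: classify ACCEPT rules from `iptables -L -n -v` output.
# Verbose columns: pkts bytes target prot opt in out source destination [matches...]

classify_accepts() {
    awk '
    $1 == "Chain" { chain = $2; n = 0; next }   # e.g. "Chain INPUT (policy DROP ...)"
    $1 == "pkts" || NF < 9 { next }             # column header and blank lines
    {
        n++
        # Rules that a bare "iptables -L" prints as: ACCEPT all -- anywhere anywhere
        # (some iptables versions print the protocol numerically with -n, so accept "0" too)
        if ($3 == "ACCEPT" && ($4 == "all" || $4 == "0") &&
            $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9) {
            if ($6 == "*" && $7 == "*")
                printf "OPEN %s %d\n", chain, n                      # really matches everything
            else
                printf "IFACE-ONLY %s %d in=%s out=%s\n", chain, n, $6, $7
        }
    }'
}

# Constructed sample of `iptables -L -n -v` output (not taken from a real host).
sample_ruleset() {
    cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   45  3100 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    3   180 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   10   800 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
EOF
}

# On a live system (as root): iptables -L -n -v | classify_accepts
sample_ruleset | classify_accepts
```

Only the line labelled OPEN accepts every packet; the IFACE-ONLY lines look identical to it in a bare `iptables -L` listing but are limited to the interfaces shown.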


