Yeah. I got it.

The EXPAND_POLICIES option is interesting. I always generate the zone
combination so that the syslog has the a2b mark, to easily identify the block.

Thanks Tom.

On Tue, Mar 5, 2013 at 12:37 AM, Tom Eastep <[email protected]> wrote:

> On 3/4/13 7:21 PM, "Guilsson Guilsson" <[email protected]> wrote:
>
> I understand the order is important in the file /etc/shorewall/policy.
> But if I create all possible combinations for the defined zones:
> # for a in fw loc dmz net; do for b in fw loc dmz net; do echo $a $b REJECT info; done; done
> and end the above list with "all all DROP info",
> is the order still important?
>
>
> No. But in general you don't want REJECT for the policy from a zone to
> itself. And if you do not, then you can accomplish the same thing with:
>
> /etc/shorewall/shorewall.conf
>
> EXPAND_POLICIES=Yes
>
> /etc/shorewall/policy
>
> all all REJECT info
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.
>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
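The ordering question above, as an added example that is not part of the original thread and not Shorewall's own code: a simplified first-match model of /etc/shorewall/policy that shuffles the explicit zone-pair lines and lists entries that can never be reached. It assumes the first line matching a source/destination pair decides it and that `all` matches any zone; it does not model intra-zone defaults or EXPAND_POLICIES, and all function names are hypothetical.

```python
import random
from itertools import product

ZONES = ["fw", "loc", "dmz", "net"]          # zone names from the question
CATCH_ALL = ("all", "all", "DROP", "info")   # final line from the question

def matches(line, src, dst):
    # Assumption: "all" in SOURCE or DEST matches any zone.
    return line[0] in (src, "all") and line[1] in (dst, "all")

def deciding_index(policy, src, dst):
    """Index of the first policy line that matches src -> dst, or None."""
    for i, line in enumerate(policy):
        if matches(line, src, dst):
            return i
    return None

def decisions(policy):
    """Map every zone pair to the (action, log level) of its deciding line."""
    out = {}
    for src, dst in product(ZONES, repeat=2):
        i = deciding_index(policy, src, dst)
        out[(src, dst)] = policy[i][2:] if i is not None else None
    return out

def shadowed(policy):
    """Lines that never decide any zone pair because earlier lines win."""
    used = {deciding_index(policy, s, d) for s, d in product(ZONES, repeat=2)}
    return [line for i, line in enumerate(policy) if i not in used]

def explicit_pairs():
    # Same lines the shell loop in the question prints, as tuples.
    return [(a, b, "REJECT", "info") for a, b in product(ZONES, repeat=2)]

def order_independent(trials=100, seed=1):
    """Shuffle the explicit lines and compare against the original order."""
    rng = random.Random(seed)
    reference = decisions(explicit_pairs() + [CATCH_ALL])
    for _ in range(trials):
        lines = explicit_pairs()
        rng.shuffle(lines)
        if decisions(lines + [CATCH_ALL]) != reference:
            return False
    return True

if __name__ == "__main__":
    full = explicit_pairs() + [CATCH_ALL]
    print("order independent:", order_independent())
    print("never reached:", shadowed(full))
    print("shadowed when catch-all is first:", len(shadowed([CATCH_ALL] + explicit_pairs())))
```

In this model the trailing `all all DROP info` line is never reached once every pair is listed, while moving it to the top shadows all sixteen explicit lines and their per-pair log marks.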