On Tuesday, May 07, 2013 09:04:42 AM Tom Eastep wrote:
> Another thing here is to be sure to use 'shorewall show' (or 'iptables -L
> -n -v') when looking at the Netfilter filter table configuration. You
> can't tell what the state of the ruleset is by simply issuing 'iptables
> -L' -- its output is almost useless and can make you believe that you are
> wide open when you are not.
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.
This looks like all is open to me:
# /etc/shorewall stop
# shorewall show
Shorewall 4.5.5.3 filter Table at droog - Tue May 7 09:09:26 PDT 2013
Counters reset Mon May 6 16:43:18 PDT 2013
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
104 10002 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
98 6364 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
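
An added example (not part of either message, and not Shorewall code): a Python parser for 'iptables -L -n -v' style output that reports ACCEPT rules which read as unrestricted once the in/out interface columns are dropped, as plain 'iptables -L' does. The sample text is constructed from the output posted above, and the function names are hypothetical; rules with an empty target column are assumed not to occur.

```python
import re

# Constructed sample, modeled on the 'shorewall show' output in this thread.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  104 10002 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
"""

CHAIN = re.compile(r"^Chain (\S+)")


def audit(text):
    """Parse verbose listing output into one dict per rule."""
    rows, chain = [], None
    for line in text.splitlines():
        m = CHAIN.match(line)
        if m:
            chain = m.group(1)
            continue
        f = line.split()
        if chain is None or len(f) < 9 or f[0] == "pkts":
            continue  # column header, blank line, or text before any chain
        target, prot, opt, i_in, i_out, src, dst = f[2:9]
        extra = f[9:]  # match extensions such as 'ctstate ...'
        # What the same rule looks like without -v: no counters, no interfaces.
        plain = " ".join([target, prot, opt, src, dst] + extra)
        looks_open = (target == "ACCEPT" and prot == "all"
                      and src == dst == "0.0.0.0/0" and not extra)
        really_open = looks_open and i_in == "*" and i_out == "*"
        rows.append({"chain": chain, "plain": plain, "in": i_in, "out": i_out,
                     "looks_open": looks_open, "really_open": really_open})
    return rows


def misleading(rows):
    """Rules that look unrestricted without -v but are bound to an interface."""
    return [r for r in rows if r["looks_open"] and not r["really_open"]]


if __name__ == "__main__":
    for r in misleading(audit(SAMPLE)):
        print(f'{r["chain"]}: "{r["plain"]}" applies only to '
              f'in={r["in"]} out={r["out"]}')
```
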