On 5/7/13 4:29 PM, [email protected] wrote:
> On Tuesday, May 07, 2013 09:04:42 AM Tom Eastep wrote:
>> Another thing here is to be sure to use 'shorewall show' (or 'iptables -L
>> -n -v') when looking at the Netfilter filter table configuration. You
>> can't tell what the state of the ruleset is by simply issuing 'iptables
>> -L' -- its output is almost useless and can make you believe that you are
>> wide open when you are not.
>>
>> -Tom
>> You do not need a parachute to skydive. You only need a parachute to
>> skydive twice.
>
> This looks like all is open to me:
>
> # /etc/shorewall stop
> # shorewall show
> Shorewall 4.5.5.3 filter Table at droog - Tue May 7 09:09:26 PDT 2013
>
> Counters reset Mon May 6 16:43:18 PDT 2013
>
> Chain INPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   104 10002 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    98  6364 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
>
Impossible to tell -- if eth0 is your net interface, then *you* are allowing
traffic from that interface in /etc/shorewall/routestopped or
/etc/shorewall/stoppedrules. If it is an internal interface, then your
firewall is safe from new connections.

-Tom

--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
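To make Tom's point concrete, here is an added example (written for this page, not code from the thread or from Shorewall): a script that reads the text `shorewall show` or `iptables -L -n -v` prints for the filter table and lists, per chain, the rules that can match a NEW connection. The `ctstate RELATED,ESTABLISHED` rules only admit packets belonging to connections conntrack already knows about, so the rules that actually open the host are the interface-scoped ACCEPTs (`in=eth0`, `in=lo`), which is exactly what the plain `iptables -L` listing hides, since it omits the in/out columns. The sample input is the listing from the post above re-joined into its original lines; the function names, the `Rule`/`Chain` types and the refusal of `-v`-less output are this example's own choices.

```python
"""List the rules in an iptables filter table that admit NEW connections.

Added example for this thread (not Shorewall code). Input is the text that
`shorewall show` or `iptables -L -n -v` prints. Plain `iptables -L` is refused
on purpose: it omits the in/out columns, so an ACCEPT limited to one interface
looks like "ACCEPT all -- anywhere anywhere" and the host appears wide open.
"""
import re
from typing import Dict, List, NamedTuple

# "Chain INPUT (policy DROP 0 packets, 0 bytes)" or "Chain net2fw (3 references)"
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")
# Rule line with -v: pkts bytes target prot opt in out source destination [matches...]
RULE_FIELDS = 9


class Rule(NamedTuple):
    target: str
    proto: str
    in_if: str
    out_if: str
    src: str
    dst: str
    extra: str  # everything after destination: ctstate, dpt:, comments...


class Chain(NamedTuple):
    name: str
    policy: str
    rules: List[Rule]


def parse_filter_table(text: str) -> Dict[str, Chain]:
    """Parse `iptables -L -n -v` / `shorewall show` output into chains."""
    chains: Dict[str, Chain] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            # User-defined chains have no policy; falling off the end returns.
            current = Chain(m.group(1), m.group(2) or "RETURN", [])
            chains[current.name] = current
            continue
        cols = line.split()
        if cols[0] in ("pkts", "target"):  # column header line
            if "in" not in cols or "out" not in cols:
                raise ValueError("no in/out columns: rerun as 'iptables -L -n -v' or 'shorewall show'")
            continue
        if current is None or len(cols) < RULE_FIELDS:
            continue  # banner lines such as "Counters reset ..." are skipped
        target, proto, _opt, in_if, out_if, src, dst = cols[2:9]
        current.rules.append(Rule(target, proto, in_if, out_if, src, dst, " ".join(cols[9:])))
    return chains


def admits_new(rule: Rule) -> bool:
    """True unless a ctstate/state match (possibly negated with '! ') excludes NEW."""
    m = re.search(r"(! )?\b(?:ctstate|state) (\S+)", rule.extra)
    if not m:
        return True  # no connection-state restriction at all
    listed = "NEW" in m.group(2).split(",")
    return not listed if m.group(1) else listed


def new_connection_openings(chains: Dict[str, Chain]) -> Dict[str, List[str]]:
    """Per chain, the rules (and the policy) that let a NEW connection through."""
    report: Dict[str, List[str]] = {}
    for name, chain in chains.items():
        found: List[str] = []
        for r in chain.rules:
            if not admits_new(r):
                continue  # only replies to existing conntrack entries: not an opening
            where = f"in={r.in_if} out={r.out_if} proto={r.proto} {r.src}->{r.dst}"
            if r.target == "ACCEPT":
                found.append(where)
            elif r.target not in ("DROP", "REJECT", "RETURN", "LOG"):
                found.append(f"jump {r.target} (inspect that chain) {where}")
        if chain.policy == "ACCEPT":
            found.append("policy ACCEPT for everything not matched above")
        report[name] = found
    return report


# Sample input: the `shorewall show` listing from the post above, re-joined into
# its original lines (the mail client had wrapped it).
SAMPLE = """\
Shorewall 4.5.5.3 filter Table at droog - Tue May 7 09:09:26 PDT 2013

Counters reset Mon May 6 16:43:18 PDT 2013

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  104 10002 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   98  6364 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
"""

if __name__ == "__main__":
    for chain, found in new_connection_openings(parse_filter_table(SAMPLE)).items():
        print(f"{chain}: " + ("; ".join(found) if found else "no NEW connections admitted"))
```

On a live box, run it against `shorewall show` or `iptables -L -n -v` output instead of `SAMPLE`. For the listing in the post it reports `in=eth0` and `in=lo` for INPUT, nothing for FORWARD, and `out=eth0` and `out=lo` for OUTPUT, which is Tom's answer in machine-readable form: whether the stopped firewall is open depends entirely on what eth0 is.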
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
