One correction to Paul's observations below.

On 8/9/2013 2:34 PM, Paul Gear wrote:
> Hi Pete,
>
> Just a few more comments on your configuration:
>
> On 08/07/2013 09:34 AM, Pete Geenhuizen wrote:
>>
>> Invalid(DROP) net all
>
> Be careful with this one - i would recommend putting it at the end of
> your rules if you bother keeping it. New connections are also invalid,
> which means that any other net to anything rules after it will be dropped.
>

Not true. Shorewall historically treated NEW and INVALID the same, since
both went through rules generated by the rules file. But NEW and INVALID
are separate and disjoint states. The sample rules files have included
the above rule for some time.

Regards,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
