Tom
Thanks for the step-by-step breakdown.
On Wed, Sep 24, 2014, at 09:28 AM, Tom Eastep wrote:
> Do 'shorewall status -i'. You will probably see that both provider
> interfaces are disabled.
yes
shorewall-lite status -i
...
Interface eth0 is Disabled
Interface tun1 is Disabled
once I set up lsm, with 'dynamic' monitoring/checking, then this should, IIUC,
resolve itself -- or at least be made irrelevant.
1st, however, to fix this in current 'static' setup ...
> Does your 'stopped' Shorewall configuration allow outgoing ping and the
> related responses?
Nope, it had not :-/
> Remember that Shorewall-init has stopped Shorewall.
I do now ...
However, adding to
/stoppedrules ( <=== this, NOT /stopped, correct?)
20 + Ping(ACCEPT) net $FW
21 + Ping(ACCEPT) $FW net
returns @ compile
ERROR: Invalid TARGET (Ping(ACCEPT))
/usr/local/etc/shorewall/IPv4/stoppedrules (line 20)
Are MACROS (not)allowed in /stoppedrules?
If not, what specific PING rules should be added here?
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users