On Wed, Sep 24, 2014, at 10:55 AM, Tom Eastep wrote:
> > which suggests that the setting is ignored/overridden, and outbound rules 
> > should be open, as in ADMINISABSENTMINDED=Yes, regardless.
> 
> No.

Can you clarify what "WARNING: Entries in the routestopped file are processed 
as if ADMINISABSENTMINDED=Yes" *does* imply?

> That's left over from when the file was called routestopped. I'll correct.

So no effect.  Thanks.


With

        /shorewall.conf
                ...
                ADMINISABSENTMINDED=No
                ...

        /stoppedrules
                ...
                ACCEPT     -     -     icmp     8
                ...

after boot,

        shorewall-lite status -i
                Interface eth0 is Disabled
                Interface tun1 is Disabled

otoh,

        /shorewall.conf
                ...
                ADMINISABSENTMINDED=Yes
                ...

        /stoppedrules
                ...
                ACCEPT     -     -     icmp     8
                ...

after boot,

        shorewall-lite status -i
                Interface eth0 is Enable
                Interface tun1 is Disabled


So,

That ACCEPT rule is NOT, apparently, sufficient

and,

ADMINISABSENTMINDED=Yes does make a difference, but, atm, only to the eth0 
interface


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
