Hello all, just installed Shorewall -- very impressed....

My shorewall box is on a local LAN (192.168.1), there are other
computers on that LAN that would technically fall into the "net" zone.
Although I want these computers to have full access to this shorewall
box.

The CONTINUE policy doesn't seem to do it:
( off $FW CONTINUE ) (off - referring to my local lan)

Unless I apply specific rules (i.e. opening ports)

But, if I put a rule in such as:

ACCEPT off $FW all

During startup shorewall tells me this is a policy.

My question is -- Is this an acceptable way to open access to these
local computers without creating too large of a hole? Is there an easier
way of doing this? Should I just RTFM?

If I don't put that rule in the continue policy just takes over and
Shorewall blocks DNS requests from my local machines...

Thanks for any kind help...

Daniel

Daniel,

On Thu, 11 Apr 2002, Daniel G wrote:

> Hello all, just installed Shorewall -- very impressed....
>
>
> My shorewall box is on a local LAN (192.168.1), there are other
> computers on that LAN that would technically fall into the "net" zone.
> Although I want these computers to have full access to this shorewall
> box.
>
> The CONTINUE policy doesn't seem to do it:
> ( off $FW CONTINUE ) (off - referring to my local lan)
>
> Unless I apply specific rules (i.e. opening ports)
>
> But, if I put a rule in such as:
>
> ACCEPT off $FW all
>
> During startup shorewall tells me this is a policy.
>
> My question is -- Is this an acceptable way to open access to these
> local computers without creating too large of a hole? Is there an easier
> way of doing this? Should I just RTFM?
>
> If I don't put that rule in the continue policy just takes over and
> Shorewall blocks DNS requests from my local machines...
>

At the very least, we need to see your zones file, your hosts file and
your policy file to make any sense out of your report.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

On Thu, 11 Apr 2002, Tom Eastep wrote:

>
> At the very least, we need to see your zones file, your hosts file and
> your policy file to make any sense out of your report.
>

And your interfaces file as well.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net