--On Friday, January 03, 2003 07:39:28 PM +0800 Stephen Gloor
<sgloor@p086.aone.net.au> wrote:
> I have installed Shorewall OK and it seemed to be
> working OK, however I am having a problem with
> rejecting local requests to the net in my test
> environment.
> The problem is when I put in the policy file the line
> loc net REJECT info
> the PC on the local network can still ping the PC that
> I am using to simulate the internet. Also there is no
> log entry that the request has been rejected. I have
> also not allowed the firewall to access the internet
> but I can still ping the internet from the firewall.
> If I change the line to the default
> loc net ACCEPT info
> I can ping the internet as before however I then get a
> log message saying that the request has been accepted.
> I am starting and stopping Shorewall in between these
> changes.
> I have a local PC (192.168.1.100) ---> Firewall
> server(eth1:192.168.1.1) - MASQ - (eth0:196.168.5.2)
> -----> "Internet" (196.168.5.10).
> In fact the local PC can still ping the "Internet PC"
> even with Shorewall stopped and cleared.
> Hoping someone can help.
>
In the current Shorewall, "ping" is sort of "outside the
rules".
See http://shorewall.sf.net/ping.html
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
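As an added example (not code from the thread or from Shorewall itself): a small resolver for the policy file format quoted above, which confirms that the poster's `loc net REJECT info` line is the entry governing loc-to-net traffic, while ping is treated separately, as the reply states. The column conventions, the `fw` zone name and the first-match rule are assumptions made for this example.

```python
# Added example, not from the thread: a small resolver for the
# /etc/shorewall/policy format quoted above (SOURCE DEST POLICY [LOG LEVEL]).
# Assumptions: first matching entry wins, "all" matches any zone, "fw" names
# the firewall zone, '#' starts a comment, and "-" means no log level.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Policy:
    source: str
    dest: str
    action: str
    log_level: Optional[str]

def parse_policy(text: str) -> List[Policy]:
    """Parse policy file text into entries, in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        level = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        entries.append(Policy(fields[0], fields[1], fields[2].upper(), level))
    return entries

def resolve(entries: List[Policy], src: str, dst: str) -> Optional[Policy]:
    """Return the first entry whose SOURCE/DEST columns match the zone pair."""
    for p in entries:
        if p.source in ("all", src) and p.dest in ("all", dst):
            return p
    return None

def expect(entries: List[Policy], src: str, dst: str, ping: bool = False) -> Tuple[str, bool]:
    """(action, logged) a tester should expect for src->dst traffic.
    Per the reply above, ping is handled outside these policies in this
    Shorewall version, so a REJECT policy does not predict ping results."""
    if ping:
        return ("see ping.html", False)
    p = resolve(entries, src, dst)
    if p is None:
        return ("no policy", False)
    return (p.action, p.log_level is not None)

# Constructed sample mirroring the poster's test setup.
SAMPLE_POLICY = """\
#SOURCE DEST POLICY LOG-LEVEL
loc     net  REJECT info
fw      net  REJECT info
net     all  DROP   info
all     all  REJECT info
"""
```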