On Sun, 2003-06-08 at 23:06, richard bown wrote:
> up to this weekend I was using bastille as a firewall, but as I had to do
> a complete reinstall of everything, thanks to using a HD that had winxp
> on its MBR. So I'm now using Shorewall, albeit with a minor
> difficulty.
>
>
> This being 3 NICs on this machine, 2 of these are on the internal side
> of the firewall but are on very different subnets, I don't really want
> these 2 subnets to be able to see each other.
>
> Can shorewall be configured to do this ?
Sure....
You have zones for those interfaces defined, yes? Maybe they are called
loc1 and loc2?
Just set up a policy of

    loc1 loc2 DROP
    loc2 loc1 DROP

Or you could just not define any policy for that and allow

    all all DROP

take care of it...
--
http://www.shorewall.net Shorewall, for all your firewall needs
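
An added example, not part of the original message or of Shorewall itself: a small checker that resolves the effective policy between two zones the way the policy file is processed (in order, first match wins, "all" matches any zone). The zone names are the ones guessed in the reply; the three sample policy files and the function names are constructed for illustration.

```python
# Added example: models only /etc/shorewall/policy; entries in the rules file
# are evaluated before policy and are not considered here.

def parse_policy(text):
    """Return (source, dest, policy) tuples in file order, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2].upper()))
    return entries

def effective_policy(entries, src, dst):
    """First entry whose source and dest match (or are 'all') wins."""
    for e_src, e_dst, action in entries:
        if e_src in (src, "all") and e_dst in (dst, "all"):
            return action
    return None  # no matching policy line

def isolated(entries, a, b):
    """True when both directions between zones a and b resolve to DROP/REJECT."""
    return all(effective_policy(entries, s, d) in ("DROP", "REJECT")
               for s, d in ((a, b), (b, a)))

# Constructed sample policy files, using the zone names guessed in the reply.
EXPLICIT = """
loc1 loc2 DROP
loc2 loc1 DROP
all  all  DROP
"""
CATCH_ALL_ONLY = """
all all DROP
"""
# Constructed failure case: a broad ACCEPT listed first shadows the DROP.
SHADOWED = """
loc1 all  ACCEPT
loc1 loc2 DROP
loc2 loc1 DROP
all  all  DROP
"""

if __name__ == "__main__":
    for name, text in (("explicit", EXPLICIT), ("catch-all", CATCH_ALL_ONLY),
                       ("shadowed", SHADOWED)):
        print(name, "isolated:", isolated(parse_policy(text), "loc1", "loc2"))
```

The shadowed case is the one to watch for when relying on ordering: a broader ACCEPT placed above the zone-pair DROP lines leaves loc1 able to reach loc2.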