I am running shorewall 2.1.5, recently upgraded from 1.4 and am intrigued with these new actions and have two questions.

First, if I create an action.Allow, just like there exists action.Drop and action.Reject, will the actions included in action.Allow be processed just like those in action.Drop? (whether I use this file in /etc/shorewall or /usr/share/shorewall)

The most important question: I'm probably going to be utilizing a lot of actions now that this system is pretty much an organized "rules" file and so I wanted to know which part of which file to change so that rules are not loaded from /etc/shorewall but /etc/shorewall/<sub_dir_of_my_choice>/ so that the main /etc/shorewall/ folder does not get flooded with actions.

I am not a member of the mailing list, so if someone could respond, I would appreciate it.

I think it's the firewall file in /usr/share/shorewall dir I have to edit, under the process_actions1 function, but it's a little cryptic to me and I can't find the line to change.

Thanks in advance to whoever responds,

Dan.

Dan wrote:

| first, if I create an action.Allow, just like there exists action.Drop
| and action.Reject, will the actions included in action.Allow be
| processed just like those in action.Drop? (whether I use this file in
| /etc/shorewall or /usr/share/shorewall)

a) DO NOT PUT ANYTHING OR CHANGE ANYTHING IN /usr/share/shorewall!!!!

b) If you really feel you want a common action for the ACCEPT policy, you can create action.Accept and then add "Accept:ACCEPT" to your /etc/shorewall/actions file.

| the most important question: I'm probably going to be utilizing a lot of
| actions now that this system is pretty much an organized "rules" file
| and so I wanted to know which part of which file to change so that rules
| are not loaded from /etc/shorewall but
| /etc/shorewall/<sub_dir_of_my_choice>/ so that the main /etc/shorewall/
| folder does not get flooded with actions.

See the CONFIG_PATH option in shorewall.conf.

| I think it's the firewall file in /usr/share/shorewall dir I have to
| edit, under the process_actions1 function, but it's a little cryptic to
| me and I can't find the line to change.

Again -- DO NOT ADD OR CHANGE ANYTHING in /usr/share/shorewall.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
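
The reply above points to CONFIG_PATH rather than editing anything under /usr/share/shorewall. The following is an added example, not part of either message and not Shorewall's own code: it shows lookup along a colon-separated search path, assuming entries are searched left to right and the first match is used, plus a check that no entry on the path is writable by group or others. The helper names, the `actions.d` sub-directory and the temporary tree are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration, not Shorewall's own code: first-match-wins lookup along
# a colon-separated search path such as CONFIG_PATH (assumed search order).

# find_in_path FILE PATHLIST: print the first PATHLIST entry holding FILE.
find_in_path() {
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        if [ -n "$dir" ] && [ -f "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
}

# writable_dirs PATHLIST: print entries that group or others can write to.
# Any directory on the search path can shadow a shipped file, so each entry
# should be writable by root only.
writable_dirs() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -d "$dir" ] || continue
        find "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print
    done
}

# Constructed sample tree under a temp dir; "actions.d" is a hypothetical name.
root=$(mktemp -d)
trap 'rm -rf "$root"' EXIT
local_dir=$root/etc/shorewall/actions.d
conf_dir=$root/etc/shorewall
share_dir=$root/usr/share/shorewall
mkdir -p "$local_dir" "$share_dir"
chmod 755 "$local_dir" "$conf_dir" "$share_dir"
: > "$local_dir/action.Accept"   # local action kept out of the main directory
: > "$conf_dir/actions"          # would hold the "Accept:ACCEPT" line
: > "$share_dir/action.Drop"     # file shipped with the package, left untouched
search_path=$local_dir:$conf_dir:$share_dir

find_in_path action.Accept "$search_path"   # found in the sub-directory
find_in_path action.Drop "$search_path"     # falls through to the shipped copy
writable_dirs "$search_path"                # prints nothing for this tree
```
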