Hi, Using shorewall for the first time (a woody .deb of version 1.2.12). After reading the docs, I still have a couple of questions regarding some parameters from the interfaces file. 1) Is rfc1918 not just a specific implementation of routefilter ? The sample file in two-interface.tgz uses them both, but they seem to at least overlap. Since my internal network will be 192.168.1.0/24, will routefilter add anything that norfc1918 doesn''t provide? 2) Given the two interface I''net/LAN firewall/gateway, will routestopped do anything for me? If the firewall is stopped, the local machines should still be able to talk even without the routestopped in the /etc/shorewall/interfaces file, no? I just subscribed to this list a few minutes ago, but as yet have neither received a request to confirm the subscription request, nor a notification of subscription. Maybe anyone answering could Cc: me, just in case my subscription hasn''t been processed yet. Thanks, JK __________________________________ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com
On Mon, 2004-11-29 at 13:55 -0800, James Kirk wrote:> Hi, > > Using shorewall for the first time (a woody .deb of > version 1.2.12).If you are just installing Shorewall, please don''t install 1.2; support for version 1.2 ceased almost two years ago. There are (very) recent Shorewall backports available for Debian. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Mon, 2004-11-29 at 13:55 -0800, James Kirk wrote: I''ve already offered my comments regarding your proposed installation of a version of Shorewall that hasn''t been supported in almost two years.> 1) Is rfc1918 not just a specific implementation of > routefilter ?No. The two actually have very little to do with each other other than in some cases, the traffic that they filter may overlap.> > 2) Given the two interface I''net/LAN firewall/gateway, > will routestopped do anything for me?Only if you wish to access your firewall from your local LAN (and vice versa) when the firewall is stopped. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key