I am using Debian sarge. I want to block all incoming requests except DNS (port 53) and allow all outgoing traffic. I did an apt-get shorewall. When I start shorewall, I cannot even ping any external site. I am a newbie and find it difficult to follow the online guide. Can anyone please help me? Thanks!
please use the CURRENT VERSION of shorewall.
you can download it from here:
http://slovakia.shorewall.net/pub/shorewall/2.2.shorewall-2.2.0/shorewall-2.2.0.tgz
(before installing this version, please remove the debian package)

follow the documentation here:

http://www.shorewall.net/Documentation_Index.html

to only allow DNS from the net to fw
use the built-in rule:

AllowDNS net fw

bye.

On Tue, 1 Feb 2005 20:37:22 -0500, Chakravarthy Cuddapah <cuddapah@mac.com> wrote:
> I am using Debian sarge. I want to block all incoming requests except
> DNS (port 53) and allow all outgoing traffic. I did an apt-get
> shorewall. When I start shorewall, I cannot even ping any external
> site. I am a newbie and find it difficult to follow the online guide. Can
> anyone please help me?
> Thanks!
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
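An added illustration, not part of the thread and not taken from the Shorewall distribution: a standalone, single-interface policy and rules pair for the goal in the first message (all outgoing traffic allowed, only DNS accepted inbound). It assumes the zone `net` is already defined in /etc/shorewall/zones and bound to the public interface in /etc/shorewall/interfaces, and that the firewall zone is named `fw` as in the rule quoted above.

```conf
# /etc/shorewall/policy  (constructed example)
# Policies apply only to connections that no entry in the rules file matches.
#SOURCE   DEST   POLICY   LOG LEVEL

# Firewall -> Internet: all outgoing connections allowed.
fw        net    ACCEPT

# Internet -> anything: silently dropped and logged unless a rule accepts it.
net       all    DROP     info

# Catch-all for every other zone pair; this entry must stay last.
all       all    REJECT   info


# /etc/shorewall/rules  (constructed example)
#ACTION    SOURCE   DEST   PROTO   DEST PORT(S)

# The built-in action named in the thread: accept DNS from the Internet
# to the firewall itself.
AllowDNS   net      fw

# The same exception written as plain rules, shown commented out so the
# two forms are not both active:
#ACCEPT    net      fw     udp     53
#ACCEPT    net      fw     tcp     53
```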
Cristian Rodriguez wrote:
> please use the CURRENT VERSION of shorewall.
> you can download it from here:
> http://slovakia.shorewall.net/pub/shorewall/2.2.shorewall-2.2.0/shorewall-2.2.0.tgz
> (before installing this version, please remove the debian package)
>
> follow the documentation here:
>
> http://www.shorewall.net/Documentation_Index.html
>
> to only allow DNS from the net to fw
> use the built-in rule:
>
> AllowDNS net fw
>

As with ALL Debian packages, it is always important to read and follow
the README.Debian file included with the Shorewall Debian distribution.

Beyond that, I can't help -- I wrote the two-interface quickstart guide
and it is highly unlikely that I can make things clearer in one email
message than I have made them in an article that I've been revising and
improving for several years.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
I don't know what I am doing wrong. For testing, I added 'DropDNSrep net fw' to /etc/shorewall/rules and started shorewall. I went to www.grc.com and did a test with shields up. Port 53 is open. Is my test wrong? I am using a single static ip (public).

On Feb 1, 2005, at 9:45 PM, Tom Eastep wrote:
> Cristian Rodriguez wrote:
>> please use the CURRENT VERSION of shorewall.
>> you can download it from here:
>> http://slovakia.shorewall.net/pub/shorewall/2.2.shorewall-2.2.0/shorewall-2.2.0.tgz
>> (before installing this version, please remove the debian package)
>>
>> follow the documentation here:
>>
>> http://www.shorewall.net/Documentation_Index.html
>>
>> to only allow DNS from the net to fw
>> use the built-in rule:
>>
>> AllowDNS net fw
>>
>
> As with ALL Debian packages, it is always important to read and follow
> the README.Debian file included with the Shorewall Debian distribution.
>
> Beyond that, I can't help -- I wrote the two-interface quickstart guide
> and it is highly unlikely that I can make things clearer in one email
> message than I have made them in an article that I've been revising and
> improving for several years.
>
> -Tom
I don't know what I am doing wrong. For testing, I added 'DropDNSrep net fw' to /etc/shorewall/rules and started shorewall. I went to www.grc.com and did a test with shields up. Port 53 is open. Is my test wrong? How else can I test? I am using a single static ip (public).

On Feb 1, 2005, at 9:45 PM, Tom Eastep wrote:
> Cristian Rodriguez wrote:
>> please use the CURRENT VERSION of shorewall.
>> you can download it from here:
>> http://slovakia.shorewall.net/pub/shorewall/2.2.shorewall-2.2.0/shorewall-2.2.0.tgz
>> (before installing this version, please remove the debian package)
>>
>> follow the documentation here:
>>
>> http://www.shorewall.net/Documentation_Index.html
>>
>> to only allow DNS from the net to fw
>> use the built-in rule:
>>
>> AllowDNS net fw
>>
>
> As with ALL Debian packages, it is always important to read and follow
> the README.Debian file included with the Shorewall Debian distribution.
>
> Beyond that, I can't help -- I wrote the two-interface quickstart guide
> and it is highly unlikely that I can make things clearer in one email
> message than I have made them in an article that I've been revising and
> improving for several years.
>
> -Tom
Please provide information; read http://www.shorewall.net/support.htm

On Tue, 1 Feb 2005 22:13:26 -0500, Chakravarthy Cuddapah <cuddapah@mac.com> wrote:
> I don't know what I am doing wrong. For testing, I added 'DropDNSrep
> net fw' to /etc/shorewall/rules and started shorewall. I went to
> www.grc.com and did a test with shields up. Port 53 is open. Is my test
> wrong? How else can I test? I am using a single static ip (public).
>
> On Feb 1, 2005, at 9:45 PM, Tom Eastep wrote:
>
> > Cristian Rodriguez wrote:
> >> please use the CURRENT VERSION of shorewall.
> >> you can download it from here:
> >> http://slovakia.shorewall.net/pub/shorewall/2.2.shorewall-2.2.0/shorewall-2.2.0.tgz
> >> (before installing this version, please remove the debian package)
> >>
> >> follow the documentation here:
> >>
> >> http://www.shorewall.net/Documentation_Index.html
> >>
> >> to only allow DNS from the net to fw
> >> use the built-in rule:
> >>
> >> AllowDNS net fw
> >>
> >
> > As with ALL Debian packages, it is always important to read and follow
> > the README.Debian file included with the Shorewall Debian distribution.
> >
> > Beyond that, I can't help -- I wrote the two-interface quickstart guide
> > and it is highly unlikely that I can make things clearer in one email
> > message than I have made them in an article that I've been revising and
> > improving for several years.
> >
> > -Tom
Chakravarthy Cuddapah wrote:
> I don't know what I am doing wrong. For testing, I added 'DropDNSrep
> net fw' to /etc/shorewall/rules and started shorewall. I went to
> www.grc.com and did a test with shields up. Port 53 is open. Is my test
> wrong ? I am using a single static ip (public).
>

You are going to continue to be ignored until you give us some
configuration information about your system. We are busy people who do
this for free and we simply haven't the time to try to solve puzzles. If
you want our help, you must follow the guidelines published at
http://shorewall.net/support.htm.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key