Sivamurugu K. Pillai wrote:
> Tom,
>
> I use shorewall 2.2.3 with four network interfaces comprising three zones.
> I am able to ping some servers from the internet (net-zone) and not others.
>
> I do not want to allow ping by default from internet. I have not copied the
> files action.drop and action.reject into /etc/shorewall. Nor do I have an
> AllowPing rule in rules file.
>
> The policy file is pasted below.
>
> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
> #loc net ACCEPT
> net all DROP info
> dmz0 net ACCEPT info
> dmz1 net ACCEPT info
> fw net ACCEPT info
> fw dmz0 ACCEPT info
> fw dmz1 ACCEPT info
> dmz0 fw ACCEPT info
> dmz1 fw ACCEPT info
> dmz0 dmz1 ACCEPT info
> all all REJECT info
>
> Just thought you could enlighten
>
With only the above information, you actually think I can tell you
anything???
Unbelievable...
-Tom
HINT: http://shorewall.net/support.htm#Guidelines
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key