Bulgrien, Kevin wrote:
> Your interface / zone / hosts / rules / policy / etc setup affects
> the firewall status. I had a similar problem due to a configuration
> file issue. I suggest posting that information to the list. The
> status does not necessarily clearly show what was done
> incorrectly.
>
> It is probably not a rule problem, but rather a zone problem. Also
> state if SSH works when the firewall is disabled.
>
Yup Kevin, thanks for helping. As you can see the problem is fixed (and
SSH worked both with the fw open and when I accepted SSH from the Net
zone), but I still would like to learn a little with all of your help.
Here are my config files and I hope you can all suggest better ways of
doing what I want (basically my FW is a standalone machine which gets a
DHCP address, and I want this machine to expose basically only ssh from
my home and office IPs).
Thank you,
Bob
# /etc/shorewall/zones
#ZONE   DISPLAY   COMMENTS
home    home      home LAN
IBM     IBM       9.0.0.0
net     Net       Internet

# /etc/shorewall/hosts (zone hosts)
#ZONE   HOST(S)
IBM     eth0:9.0.0.0/8
home    eth0:192.168.174.242

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,norfc1918,routefilter,tcpflags
net     ppp0        detect      dhcp
net     ath0        detect      dhcp

# /etc/shorewall/policy (default policies)
#SOURCE   DEST   POLICY   LOG LEVEL
fw        net    ACCEPT
$FW       home   ACCEPT
home      $FW    ACCEPT
net       all    DROP     info
# THE FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info

# /etc/shorewall/rules
#ACTION        SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT         fw       net    icmp
ACCEPT         net      $FW    254
ACCEPT:info    IBM      $FW    tcp     22
ACCEPT         IBM      $FW    udp     22
ACCEPT         net      $FW    tcp     5900
ACCEPT         net      $FW    udp     63572
ACCEPT         net      $FW    tcp     63572
DropPing       net      $FW    all
ACCEPT         $FW      $FW    all
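As an added example (not from the post and not Shorewall's own code), a small audit script that parses the policy and rules lines above and reports what the firewall box accepts from the untrusted net zone, plus which policy catches traffic that matches no rule; it assumes $FW expands to the default zone name "fw" and that the sample text is the poster's config copied verbatim.

```python
# Added example (not Shorewall's code, not from the post): audit what the
# 'net' zone may reach on the box; POLICY/RULES are constructed from the post.
POLICY = """\
fw net ACCEPT
$FW home ACCEPT
home $FW ACCEPT
net all DROP info
all all REJECT info
"""
RULES = """\
ACCEPT fw net icmp
ACCEPT net $FW 254
ACCEPT:info IBM $FW tcp 22
ACCEPT IBM $FW udp 22
ACCEPT net $FW tcp 5900
ACCEPT net $FW udp 63572
ACCEPT net $FW tcp 63572
DropPing net $FW all
ACCEPT $FW $FW all
"""

def _columns(text):
    """Whitespace-split columns of each non-comment line, '$FW' -> 'fw'."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield [c.replace("$FW", "fw") for c in line.split()]

def parse_rules(text):
    """(action, source, dest, proto, port) per rule; ':level' log suffix stripped."""
    rules = []
    for cols in _columns(text):
        cols += [None] * (5 - len(cols))          # missing columns become None
        rules.append((cols[0].split(":", 1)[0], *cols[1:5]))
    return rules

def exposed_to_net(rules_text, fw_zone="fw"):
    """(proto, port) pairs ACCEPTed from 'net' to the firewall box itself;
    an absent or 'all' column is reported as 'any'."""
    wild = lambda c: c if c and c != "all" else "any"
    return [(wild(proto), wild(port))
            for action, src, dst, proto, port in parse_rules(rules_text)
            if action == "ACCEPT" and src == "net" and dst == fw_zone]

def policy_for(policy_text, src, dst):
    """Policy for src->dst traffic that matches no rule: first match wins."""
    for cols in _columns(policy_text):
        if cols[0] in (src, "all") and cols[1] in (dst, "all"):
            return cols[2]
    return None
```

Run against the posted config it shows that tcp 5900 and both 63572 entries are reachable from the whole Internet, not only ssh, and that the home zone gets ssh through the home-to-$FW ACCEPT policy rather than through a rule.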