Dear all,

I'm a bit confused on the rules and would like your help.

I've 4 NICs,

    eth0 --> WAN (net)
    eth1 --> OSPF1 (bb1)
    eth2 --> OSPF2 (bb2)

I would like to enable all the ICMP functions (ping and traceroute).
I wonder what effect the following policy will have.

    bb0 all ACCEPT info
    bb1 all ACCEPT info
    net all ACCEPT info
    all bb0 ACCEPT info
    all bb1 ACCEPT info
    all net ACCEPT info

Will everybody be able to access $FW (if any services in $FW are running)?

Or do I have to specify all of them one by one with the rules?

    AllowPing all all
    AllowTrcrt all all

Regards,

Dear Chan,

Why don't you read the documentation and try it yourself? If you happen to have some trouble, perhaps we may help from there.

.eof

--- Chan Min Wai <dcmwai@ocesb.com.my> wrote:
> Dear all,
>
> I'm a bit confused on the rules and would like your help.
>
> I've 4 NICs,
>
>     eth0 --> WAN (net)
>     eth1 --> OSPF1 (bb1)
>     eth2 --> OSPF2 (bb2)
>
> I would like to enable all the ICMP functions (ping and traceroute).
> I wonder what effect the following policy will have.
>
>     bb0 all ACCEPT info
>     bb1 all ACCEPT info
>     net all ACCEPT info
>     all bb0 ACCEPT info
>     all bb1 ACCEPT info
>     all net ACCEPT info
>
> Will everybody be able to access $FW (if any services in $FW are running)?
>
> Or do I have to specify all of them one by one with the rules?
>
>     AllowPing all all
>     AllowTrcrt all all
>
> Regards,

I wouldn't allow this... you allow all traffic from net to your firewall... not good :).

    net all ACCEPT info
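
The concern raised in the last reply, that the "net all ACCEPT" line also covers traffic from net to the firewall itself, can be checked by expanding the posted policy lines into zone pairs. This is an added example, not part of the original messages and not Shorewall's own code; it assumes a simplified model in which "all" matches every zone including $FW and the first matching line decides, and its function names are hypothetical.

```python
# Added example: simplified model of a Shorewall-style policy file.
# Assumptions: "all" matches every zone including the firewall ($FW),
# and the first line that matches a (source, dest) pair decides it.
FW = "$FW"
ZONES = ["net", "bb1", "bb2"]  # zone names from the post's interface list
# Policy lines as posted in the thread.
POLICY = """\
bb0 all ACCEPT info
bb1 all ACCEPT info
net all ACCEPT info
all bb0 ACCEPT info
all bb1 ACCEPT info
all net ACCEPT info
"""

def parse_policy(text):
    """Return (source, dest, policy) tuples, ignoring comments and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append(tuple(fields[:3]))
    return entries

def resolve(entries, zones, default="NONE"):
    """Map each inter-zone (source, dest) pair, $FW included, to a policy."""
    everyone = list(zones) + [FW]
    table = {}
    for src in everyone:
        for dst in everyone:
            if src != dst:  # intra-zone traffic is outside this model
                table[(src, dst)] = next(
                    (a for s, d, a in entries
                     if s in (src, "all") and d in (dst, "all")), default)
    return table

def undeclared_zones(entries, zones):
    """Zone names used in the policy but missing from the declared list."""
    used = {name for entry in entries for name in entry[:2]}
    return sorted(used - set(zones) - {"all", FW})

def accepted_into_firewall(table):
    """Source zones whose policy lets new connections reach $FW itself."""
    return sorted(s for (s, d), a in table.items() if d == FW and a == "ACCEPT")

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    print("undeclared zones:", undeclared_zones(rules, ZONES))
    print("ACCEPT into $FW from:", accepted_into_firewall(resolve(rules, ZONES)))
```

Run against the posted lines, it reports bb0 as a name with no matching interface in the post and lists bb1 and net as the zones accepted into $FW under this model.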