Shorewall users - Jan 2006 - Fw: hosts.allow, hosts.deny

>> Hello,
>>
>> I am using Debian Sarge, with Shorewall 2.2.3,
>>
>> for access control I am using hosts.allow :
>>
>> ALL: 144.131.xxx.xxx
>>
>> and hosts.deny:
>>
>> ALL: ALL
>>
>> I have a virtual machine that is being port forwarded to with Shorewall
:
>>
>> DNAT    net     loc:10.0.0.100  tcp     3389
>>
>> hosts.allow is not denying a request to the forwared rule.  it denies
ssh
>> fine but not the port forward rule.
>>
>> Is there an access control file similar to hosts.allow and deny in 
>> Shorewall that I should be using ?
>>
>> Thanks in Advance,
>>
>>
>> Richard
> 


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

I haven''t tried using hosts.allow and hosts.deny myself, but from what
I read, they only apply to access from outside to programs running on
the machine itself.  That is, they don''t handle traffic that is routed
by the machine (as in your example), nor connections from the machine
and out.

Shorewall is far better.  Use the "rules" and "policy" files
to set
the restrictions you want.  You can read the documentation at
http://www.shorewall.net/2.0/

Note: Debian moves the original Shorewall configuration files, with
all Tom''s invaluable comments, to
/usr/share/doc/shorewall/default-config.  You may want to copy them to
etc/shorewall as your starting point.


Rune

On 1/6/06, Richard <rwh@bellfrog.com.au> wrote:
>
> >> Hello,
> >>
> >> I am using Debian Sarge, with Shorewall 2.2.3,
> >>
> >> for access control I am using hosts.allow :
> >>
> >> ALL: 144.131.xxx.xxx
> >>
> >> and hosts.deny:
> >>
> >> ALL: ALL
> >>
> >> I have a virtual machine that is being port forwarded to with
Shorewall :
> >>
> >> DNAT    net     loc:10.0.0.100  tcp     3389
> >>
> >> hosts.allow is not denying a request to the forwared rule.  it
denies ssh
> >> fine but not the port forward rule.
> >>
> >> Is there an access control file similar to hosts.allow and deny in
> >> Shorewall that I should be using ?
> >>
> >> Thanks in Advance,
> >>
> >>
> >> Richard
> >
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click