Shorewall users - Jan 2006 - New 'rules' file format: examples of uses for RELATED, ESTABLISHED

Hi,

I''ve been using shorewall for a few years, and I noticed the new
"rules"
file format while upgrading my config to the 3.x release.  I read the 
warnings and suggestions in the comments, and set all my old rules under 
"SECTION NEW", like it said.  So far, it seems to be working like it 
used to, which is just fine.

My question:  does anyone have examples of what can be done with the new 
functionality?  I don''t know if it''s something that could help
me (I
have a pretty straightforward setup), but I''m always interested in 
experimenting.

So if anyone (including Tom, if you have the time to respond) can give 
me an example of how they use "RELATED" and "ESTABLISHED"
rules, I would
really appreciate it.  Nothing fancy, just an idea of what can be done.

-Ryan


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

On Wed, 2006-01-11 at 08:35 +0000, Ryan B. Lynch wrote:
> My question:  does anyone have examples of what can be done with the new 
> functionality?  I don''t know if it''s something that could
help me (I
> have a pretty straightforward setup), but I''m always interested in
> experimenting.
> 
> So if anyone (including Tom, if you have the time to respond) can give 
> me an example of how they use "RELATED" and
"ESTABLISHED" rules, I would
> really appreciate it.  Nothing fancy, just an idea of what can be done.
Actually, I would, too, like to know about it. The examples in the
shorewall site does not indicate the uses for it and while I understand
the meaning of the RELATED/ESTABLISHED etc rules, I''m not sure where to
put my rules.



-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 17:46:49 up 19:49, 6 users, load average: 0.20, 0.31, 0.26 




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

On Monday 13 March 2006 01:46, Ow Mun Heng wrote:
> On Wed, 2006-01-11 at 08:35 +0000, Ryan B. Lynch wrote:
> > My question:  does anyone have examples of what can be done with the
new
> > functionality?  I don''t know if it''s something that
could help me (I
> > have a pretty straightforward setup), but I''m always
interested in
> > experimenting.
> >
> > So if anyone (including Tom, if you have the time to respond) can give
> > me an example of how they use "RELATED" and
"ESTABLISHED" rules, I would
> > really appreciate it.  Nothing fancy, just an idea of what can be
done.
>
> Actually, I would, too, like to know about it. The examples in the
> shorewall site does not indicate the uses for it and while I understand
> the meaning of the RELATED/ESTABLISHED etc rules, I''m not sure
where to
> put my rules.
The only use that I can think of for the RELATED and ESTABLISHED sections is 
to pass traffic to the QUEUE target for Snort Inline (that''s why I
added the
feature). And since I have no interest in running Snort Inline, I
haven''t
personally used RELATED or ESTABLISHED rules (and I am unlikely to do so in 
the future).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Mon, 2006-03-13 at 06:58 -0800, Tom Eastep wrote:
> On Monday 13 March 2006 01:46, Ow Mun Heng wrote:
> > On Wed, 2006-01-11 at 08:35 +0000, Ryan B. Lynch wrote:
> > > me an example of how they use "RELATED" and
"ESTABLISHED" rules, I would
> > > really appreciate it.  
> >
> > Actually, I would, too, like to know about it. The examples in the
> > shorewall site does not indicate the uses for it and while I
understand
> > the meaning of the RELATED/ESTABLISHED etc rules, I''m not
sure where to
> > put my rules.
> 
> The only use that I can think of for the RELATED and ESTABLISHED sections
is
> to pass traffic to the QUEUE target for Snort Inline (that''s why I
added the
> feature). And since I have no interest in running Snort Inline, I
haven''t
> personally used RELATED or ESTABLISHED rules (and I am unlikely to do so in
> the future).
Thanks Tom for the explanation. Much Appreciated piece of info which
means I can still be happy with my existing rules.


-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 10:38:23 up 1 day, 12:41, 6 users, load average: 0.33, 0.24,
0.25 




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642