egon phillips wrote:> Hi Mr. Eastep.
In the future, please direct your Shorewall questions to the Shorewall
User''s mailing list
(shorewall-users@lists.sourceforge.net).>
> I''ve managed to configure Shorewall, on one of our
> router/firewalls. The firewall seems to be working.
Hopefully you followed the instructions in the HOWTOs at
http://www.shorewall.net/shorewall_quickstart_guide.htm.
> However, I have four questions, I was wondering if you
> might answer?
>
> What is the difference between "$FW" and "fw"?
$FW expands the shell variable FW to produce its value. The normal value
of FW is ''fw''. So provided that you defined the firewall zone
to be
''fw'', there is no difference. (You failed to mention which
version of
Shorewall that you installed so I can''t be more specific -- FW is
defined differently in Shorewall 3.0 and later vs. earlier versions).
> What is the difference between "all" and "net"?
''all'' means ALL ZONES defined in /etc/shorewall/zones
(including $FW).
''net'' means the zone with the name ''net''.
>
> Does Shorewall support virtual interfaces of the form:
> ethN:M, i.e. eth0:0?
Please see http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html.
>
> How can I determine the ip addresses that are mapped
> to "$FW" or "fw"?
>
Use the command ''ip addr ls''. All IPV4 addresses displayed
will be
mapped to the firewall zone.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key