Dear all:

I'm using shorewall in 6 servers and I'm really happy with it.

Today, I had a problem with the firewall not starting and I found the problem was that the DNS server was unreachable and one of my rules lines had a hostname in it:

AllowWeb $FW net:security.debian.org

Is this recommended? Maybe I should pick a mirror site and use that IP address instead of the domain name (security.debian.org resolves to lots of IP addrs)

Thanks in advance!

--
Martin Sarsale - martin@malditainternet.com
-------------------------------------------------------------------------
Martin Sarsale wrote:
> Dear all:
>
> I'm using shorewall in 6 servers and I'm really happy with it.
>
> Today, I had a problem with the firewall not starting and I found the
> problem was that the DNS server was unreachable and one of my rules
> lines had a hostname in it:
>
> AllowWeb $FW net:security.debian.org
>
> Is this recommended? Maybe I should pick a mirror site and use that IP
> address instead of the domain name (security.debian.org resolves to
> lots of IP addrs)
>
> Thanks in advance!
>

Please see http://www.shorewall.net/configuration_file_basics.htm#dnsnames

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
> Please see http://www.shorewall.net/configuration_file_basics.htm#dnsnames

Thanks for your answer and for shorewall, Tom
-------------------------------------------------------------------------
On 9/3/06, Martin Sarsale <martin@malditainternet.com> wrote:
> AllowWeb $FW net:security.debian.org

The IP address is resolved when shorewall inserts the rule, it is not dynamic. If you're really interested in securing this config, I would suggest one of the following:

a) squid, allow only to security.debian.org
b) apt-cache on your firewall machine, and allow this machine alone to access external world.

Since I don't know how secure apt-cache is, I would suggest squid.

Prasanna.
-------------------------------------------------------------------------
> a) squid, allow only to security.debian.org

Squid, you mean running the proxy server? What for?
-------------------------------------------------------------------------
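A pre-flight check for the failure discussed in this thread, added here as an example (it is not code from any poster or from Shorewall): it lists every DNS name in the SOURCE and DEST columns of a rules file together with what it resolves to, so a name that cannot be resolved is caught before the firewall is restarted. The function names, the sample rules other than the AllowWeb line, and the test that a DNS name contains at least two periods are assumptions.

```python
import ipaddress
import re
import socket

# Assumption (not stated in this thread): a DNS name in a Shorewall file is
# fully qualified and contains at least two periods.
DNS_NAME = re.compile(r"^(?=.*\..*\.)[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.?$")

# Constructed sample; only the AllowWeb line comes from the thread.
SAMPLE_RULES = """\
AllowWeb   $FW               net:security.debian.org
ACCEPT     net:192.0.2.10    $FW                       tcp    22
ACCEPT     loc               net:eth0:203.0.113.7      tcp    25
"""

def is_address(token):
    """True for an IPv4 address, a CIDR network or an a-b address range."""
    try:
        for part in token.split("-"):
            ipaddress.ip_network(part, strict=False)
        return True
    except ValueError:
        return False

def system_resolver(name):
    """Resolve through the host's own resolver; [] when the lookup fails."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def dns_names_in_rules(rules_text, resolve=system_resolver):
    """Return (line_no, name, addresses) for DNS names in SOURCE and DEST."""
    findings = []
    for line_no, raw in enumerate(rules_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        for column in fields[1:3]:              # SOURCE and DEST columns
            # zone[:interface][:host,host,...]: drop the zone, check the rest
            for spec in column.split(":")[1:]:
                for host in (h.lstrip("!") for h in spec.split(",")):
                    if not is_address(host) and DNS_NAME.match(host):
                        findings.append((line_no, host, resolve(host)))
    return findings

if __name__ == "__main__":
    # Simulate the outage from the thread: every lookup fails.
    for line_no, name, addrs in dns_names_in_rules(SAMPLE_RULES, lambda n: []):
        print(f"line {line_no}: {name} -> {addrs or 'UNRESOLVABLE'}")
```

Called without a `resolve` argument, the function uses the host's own resolver, which is the lookup that has to succeed when the rules are loaded.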