Robert Moskowitz
2008-Jan-01 18:16 UTC
New to shorewall -- understanding where things work from
I have Shorewall installed on a CentOS 5 box, managed via Webmin.

The shorewall web site notes that Shorewall is NOT a daemon. But I see a shorewall service running?

I see all of shorewall's files in /etc/shorewall, but by my reading, these are processed then something is 'outputted' that the system is using realtime. It is not /etc/sysconfig/iptables, that is unchanged from when I built the system (is this still being used and impacting what is allowed, packet-wise).

Please point me to information on this.
Tom Eastep
2008-Jan-01 18:58 UTC
Re: New to shorewall -- understanding where things work from
Robert Moskowitz wrote:
> I have Shorewall installed on a CentOS 5 box, managed via Webmin.
>
> The shorewall web site notes that Shorewall is NOT a daemon. But I see
> a shorewall service running?

Firewalls under Linux use SysV init for activation during boot. Hence, they act like a service even though there is no firewall process that runs in the system.

> I see all of shorewall's files in /etc/shorewall, but by my reading,
> these are processed then something is 'outputted' that the system is
> using realtime. It is not /etc/sysconfig/iptables, that is unchanged
> from when I built the system (is this still being used and impacting
> what is allowed, packet-wise).

The 'shorewall start' command (which is invoked by /etc/init.d/shorewall) compiles your configuration into a shell script named /var/lib/shorewall/.start. That script is then executed to configure Netfilter, /proc, etc. to match your configuration.

> Please point me to information on this.

Assuming that you are using Shorewall 4.0, the articles I would suggest are:

- http://www1.shorewall.net/Introduction.html
- http://www1.shorewall.net/Anatomy.html

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key