I cannot find any documentation on a default-policy file, yet there is one on the one system I set up with Shorewall back in January.

What is the role of default-policy compared to policy file?

Also I want my basic behaviour to be to allow all traffic between zone Int and Ext and to drop all to fw except what the rules allow. I guess port 80 from fw to Int and Ext needs to be allowed for yum updates (I have my own repo internally). But to drop all else from fw to Int or Ext.

So far I have:

interfaces file:

    Ext eth0 detect blacklist
    Int eth1 detect

Will need to change eth0 to ppp0 per prior note, and I need to figure out what if anything goes in the blacklist file (want my main firewalls to do reporting on the attacks I am getting).

zones file:

    fw firewall
    Int ipv4 #
    Ext ipv4 #

default-policy file:

    all fw DROP info

Note: nothing in the policy file yet.

rules:

    SECTION NEW
    ACCEPT all all icmp
    ACCEPT all fw tcp 2222
    ACCEPT all fw tcp 10000
    ACCEPT Int fw tcp 5902:5903
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

And service shorewall start fails with:

    No policy defined from zone fw to zone Int

So I need some more thought on this....

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08

Robert Moskowitz wrote:
> I cannot find any documentation on a default-policy file, yet there is
> one on the one system I set up with Shorewall back in January.
>
> What is the role of default-policy compared to policy file?

There is no default-policy file in Shorewall as it is released from shorewall.net.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Robert Moskowitz wrote:
>
>> I cannot find any documentation on a default-policy file, yet there is
>> one on the one system I set up with Shorewall back in January.
>>
>> What is the role of default-policy compared to policy file?
>>
>
> There is no default-policy file in Shorewall as it is released from
> shorewall.net.

OK. Thanks. I think I have dug out how I came to have a default-policy file in the first place on the firewall I built back in January. A little too literal reading of the docs <blush>.
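
Added example (not part of the thread, and not Shorewall's own code): a small Python model of the check behind "No policy defined from zone fw to zone Int", run over the thread's three zones with the empty policy file and with a constructed sample policy for the stated goal. It assumes Shorewall does not read default-policy, as the reply implies, and that policy lines are matched first-hit with `all` as a wildcard; `SAMPLE_POLICY` and the function names are hypothetical.

```python
# Added example: models Shorewall's "first matching policy line wins" lookup.
# Zone names and the empty policy come from the thread; SAMPLE_POLICY is a
# constructed sample, not a configuration anyone in the thread posted.

ZONES = ["fw", "Int", "Ext"]

EMPTY_POLICY = ""  # the thread's state: "nothing in the policy file yet"

# Constructed sample for the stated goal. The port 80 exception for yum
# would be an ACCEPT line in the rules file, not a policy entry.
SAMPLE_POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
Int      Ext   ACCEPT
Ext      Int   ACCEPT
fw       all   DROP
all      fw    DROP    info
"""

def parse_policy(text):
    """Return (source, dest, policy) tuples, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append(tuple(fields[:3]))
    return entries

def lookup(entries, src, dst):
    """The first entry whose SOURCE and DEST match (or are 'all') decides."""
    for e_src, e_dst, policy in entries:
        if e_src in (src, "all") and e_dst in (dst, "all"):
            return policy
    return None

def undefined_pairs(zones, entries):
    """Inter-zone pairs with no policy. Same-zone pairs are skipped because
    Shorewall treats intra-zone traffic as ACCEPT unless overridden."""
    return [(s, d) for s in zones for d in zones
            if s != d and lookup(entries, s, d) is None]

if __name__ == "__main__":
    for name, text in (("empty", EMPTY_POLICY), ("sample", SAMPLE_POLICY)):
        missing = undefined_pairs(ZONES, parse_policy(text))
        print(name, "policy: undefined pairs =", missing)
```

With the empty policy every inter-zone pair, including fw to Int, is undefined; with the sample policy none is.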