On Mon, Nov 17, 2008 at 02:40:18PM -0500, Michael Pobega wrote:
> I currently have a two interface firewall setup on my laptop; One
> interface being the ethernet and one being my wireless. Currently I have
> rules in /etc/shorewall/rules that look like this:
>
> > ## Wesnoth
> >
> > ACCEPT net $FW tcp 15000
> > ACCEPT net $FW tcp 14999
> > ACCEPT wlan $FW tcp 15000
> > ACCEPT wlan $FW tcp 14999
>
> As you can see, I'm copying over all of my rules from one interface
> (net, i.e. eth0) to the other (wlan, i.e. ath0). Is there any way I can
> just bind the two so that I only have to make rules once?
>

No one has any ideas?

-- 
Follow my Tweets at http://twitter.com/pobega
AIM:BlockMeHarder MSN:pobega@gmail.com JIM:pobega@jaim.at SIP:pobega@ekiga.net ICQ:467047394

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Michael Pobega wrote:
> On Mon, Nov 17, 2008 at 02:40:18PM -0500, Michael Pobega wrote:
>> I currently have a two interface firewall setup on my laptop; One
>> interface being the ethernet and one being my wireless. Currently I have
>> rules in /etc/shorewall/rules that look like this:
>>
>>> ## Wesnoth
>>>
>>> ACCEPT net $FW tcp 15000
>>> ACCEPT net $FW tcp 14999
>>> ACCEPT wlan $FW tcp 15000
>>> ACCEPT wlan $FW tcp 14999
>> As you can see, I'm copying over all of my rules from one interface
>> (net, i.e. eth0) to the other (wlan, i.e. ath0). Is there any way I can
>> just bind the two so that I only have to make rules once?
>>
>
> No one has any ideas?

Why don't you simply place 'all' in the SOURCE column?

Michael Pobega wrote:
> On Mon, Nov 17, 2008 at 02:40:18PM -0500, Michael Pobega wrote:
>> I currently have a two interface firewall setup on my laptop; One
>> interface being the ethernet and one being my wireless. Currently I have
>> rules in /etc/shorewall/rules that look like this:
>>
>>> ## Wesnoth
>>>
>>> ACCEPT net $FW tcp 15000
>>> ACCEPT net $FW tcp 14999
>>> ACCEPT wlan $FW tcp 15000
>>> ACCEPT wlan $FW tcp 14999
>> As you can see, I'm copying over all of my rules from one interface
>> (net, i.e. eth0) to the other (wlan, i.e. ath0). Is there any way I can
>> just bind the two so that I only have to make rules once?
>>
>
> No one has any ideas?

Or alternatively, why do you need separate zones in the first place? On
my laptop, I have both eth0 and wlan0 associated with the 'net' zone.

On Wed, Nov 19, 2008 at 01:54:27PM -0500, Michael Pobega wrote:
> On Mon, Nov 17, 2008 at 02:40:18PM -0500, Michael Pobega wrote:
> > I currently have a two interface firewall setup on my laptop; One
> > interface being the ethernet and one being my wireless. Currently I have
> > rules in /etc/shorewall/rules that look like this:
> >
> > > ## Wesnoth
> > >
> > > ACCEPT net $FW tcp 15000
> > > ACCEPT net $FW tcp 14999
> > > ACCEPT wlan $FW tcp 15000
> > > ACCEPT wlan $FW tcp 14999
> >
> > As you can see, I'm copying over all of my rules from one interface
> > (net, i.e. eth0) to the other (wlan, i.e. ath0). Is there any way I can
> > just bind the two so that I only have to make rules once?
> >
>
> No one has any ideas?
>

Check the shorewall-nesting man page.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

On Wed, Nov 19, 2008 at 11:04:59AM -0800, Shorewall Geek wrote:
> Michael Pobega wrote:
> > On Mon, Nov 17, 2008 at 02:40:18PM -0500, Michael Pobega wrote:
> >> I currently have a two interface firewall setup on my laptop; One
> >> interface being the ethernet and one being my wireless. Currently I have
> >> rules in /etc/shorewall/rules that look like this:
> >>
> >>> ## Wesnoth
> >>>
> >>> ACCEPT net $FW tcp 15000
> >>> ACCEPT net $FW tcp 14999
> >>> ACCEPT wlan $FW tcp 15000
> >>> ACCEPT wlan $FW tcp 14999
> >> As you can see, I'm copying over all of my rules from one interface
> >> (net, i.e. eth0) to the other (wlan, i.e. ath0). Is there any way I can
> >> just bind the two so that I only have to make rules once?
> >>
> >
> > No one has any ideas?
>
> Or alternatively, why do you need separate zones in the first place? On
> my laptop, I have both eth0 and wlan0 associated with the 'net' zone.
>
>

That's why I'm mailing the list...I can't see in any of the
documentation HOW you go about using one zone for two interfaces.

-- 
Follow my Tweets at http://twitter.com/pobega
AIM:BlockMeHarder MSN:pobega@gmail.com JIM:pobega@jaim.at SIP:pobega@ekiga.net ICQ:467047394

Michael Pobega wrote:
>
> That's why I'm mailing the list...I can't see in any of the
> documentation HOW you go about using one zone for two interfaces.
>

man shorewall-interfaces

and read the description of the ZONES column.

Shorewall Geek wrote:
> Michael Pobega wrote:
>
>> That's why I'm mailing the list...I can't see in any of the
>> documentation HOW you go about using one zone for two interfaces.
>>
>
> man shorewall-interfaces
>
> and read the description of the ZONES column.

Make that ZONE. And if you are running such an ancient version of
Shorewall that it doesn't have man pages then the 3.x manpages are
online at http://www.shorewall.net/3.0/manpages/Manpages.html

On Wed, Nov 19, 2008 at 04:40:49PM -0800, Shorewall Geek wrote:
> Shorewall Geek wrote:
> > Michael Pobega wrote:
> >
> >> That's why I'm mailing the list...I can't see in any of the
> >> documentation HOW you go about using one zone for two interfaces.
> >>
> >
> > man shorewall-interfaces
> >
> > and read the description of the ZONES column.
>
> Make that ZONE. And if you are running such an ancient version of
> Shorewall that it doesn't have man pages then the 3.x manpages are
> online at http://www.shorewall.net/3.0/manpages/Manpages.html
>

Thank you very much -- I did look through the docs beforehand but I
couldn't seem to find it. Now it's working perfectly!

-- 
Follow my Tweets at http://twitter.com/pobega
AIM:BlockMeHarder MSN:pobega@gmail.com JIM:pobega@jaim.at SIP:pobega@ekiga.net ICQ:467047394
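
The resolution the thread arrives at, written out as an added example that is not part of the original messages: both interfaces are listed under the `net` zone in the ZONE column of /etc/shorewall/interfaces, so each rule is written once. Interface and zone names are those from the question; the zones file contents, the `detect` BROADCAST value and the combined port list are assumptions.

```conf
# Added illustration, not taken from the thread. Column layout follows the
# Shorewall 3.x/4.x man pages; the values marked "assumed" are not on the page.

# --- /etc/shorewall/zones: before (assumed; two zones as in the question) ---
#ZONE   TYPE
fw      firewall
net     ipv4
wlan    ipv4

# --- /etc/shorewall/zones: after (wlan zone no longer defined) ---
#ZONE   TYPE
fw      firewall
net     ipv4

# --- /etc/shorewall/interfaces: before ---
#ZONE   INTERFACE   BROADCAST
net     eth0        detect      # "detect" is an assumed value
wlan    ath0        detect

# --- /etc/shorewall/interfaces: after ---
# The same zone name on both lines puts wired and wireless in one zone.
#ZONE   INTERFACE   BROADCAST
net     eth0        detect
net     ath0        detect

# --- /etc/shorewall/rules: before (from the question) ---
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  net     $FW     tcp     15000
ACCEPT  net     $FW     tcp     14999
ACCEPT  wlan    $FW     tcp     15000
ACCEPT  wlan    $FW     tcp     14999

# --- /etc/shorewall/rules: after ---
# One rule covers both interfaces; the comma-separated port list is an
# assumed tidy-up, two single-port rules work equally well.
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  net     $FW     tcp     14999,15000

# Remove any remaining "wlan" references from /etc/shorewall/policy and
# /etc/shorewall/rules, then validate with "shorewall check" before restarting.
```

Merging the zones applies one policy to both links, so keep `wlan` as its own zone if the wireless side should be treated as less trusted than the wired one. The `all` SOURCE suggested earlier in the thread keeps both zones but also matches any zone defined later.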