Isn't the following redundant:

    net $FW DROP info
    net loc DROP info
    net all DROP info

in that the last rule (net all) will DROP everything and therefore the only additional input for this interaction would be under rules.

Similarly

    loc net ACCEPT
    loc $FW REJECT
    loc all REJECT

doesn't require the "loc $FW REJECT" line for the same reasons.

True?

Another question:
I initially tried setting up my interfaces such that:

    net eth1 detect dhcp...
    loc eth0 detect dhcp...

but no DHCP entry in rules. I got a lot of blocked UDP port 53 traffic. Where does the dhcp option come in (with the manpage instruction to include this) and how does that fit in with the DHCP rule? Do they both need to be present? Redundant? Or is there something else in the background?

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Tom Allison wrote:
> Isn't the following redundant:
>
>     net $FW DROP info
>     net loc DROP info
>     net all DROP info
>
> in that the last rule (net all) will DROP everything and therefore the
> only additional input for this interaction would be under rules.
>
> similarly
>
>     loc net ACCEPT
>     loc $FW REJECT
>     loc all REJECT
>
> doesn't require the "loc $FW REJECT" line for the same reasons.
>
> True?

See "Logging tips" at http://linuxman.wikispaces.com/PPPPPPS. From a policy point of view, these policies are redundant, but when using Shorewall-shell they make the log messages easier to understand.

> Another question:
> I initially tried setting up my interfaces such that:
>
>     net eth1 detect dhcp...
>     loc eth0 detect dhcp...
>
> but no DHCP entry in rules. I got a lot of blocked UDP port 53 traffic.

UDP port 53 is DNS, not DHCP.
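An added illustration of the logging point in the reply above; it is not from the thread and not Shorewall's own code. It assumes Shorewall's kernel log messages carry a "Shorewall:<chain>:<disposition>:" prefix ahead of netfilter's key=value fields and that policy chains are named <source>2<dest> (net2fw, net2loc, net2all); the sample lines are constructed, and the script groups them by chain so the per-zone policies show up separately, labelling port 53 as DNS rather than DHCP.

```python
import re
from collections import Counter

# Ports the thread confuses: 53 is DNS, DHCP uses 67/68.
KNOWN_PORTS = {53: "dns", 67: "dhcp-server", 68: "dhcp-client"}

# Constructed sample lines in the assumed shape of Shorewall's kernel log
# messages: "Shorewall:<chain>:<disposition>:" then netfilter key=value fields.
# Hosts and addresses are made up; this is not captured traffic.
SAMPLE_LOG = """\
Jun  1 10:00:01 gw kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.2 PROTO=UDP SPT=53 DPT=41000
Jun  1 10:00:02 gw kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP SPT=4444 DPT=445
Jun  1 10:00:03 gw kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.2 PROTO=UDP SPT=53 DPT=41001
Jun  1 10:00:04 gw kernel: Shorewall:loc2fw:REJECT:IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.2 PROTO=TCP SPT=51000 DPT=22
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<fields>.*)$")

def parse_line(line):
    """Chain, disposition and netfilter fields of one Shorewall message, else None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for token in m.group("fields").split():
        if "=" in token:  # bare flags such as DF carry no value
            key, value = token.split("=", 1)
            rec[key] = value
    return rec

def service_port(rec):
    """Service side of the flow: the lower of SPT/DPT, labelled when well known,
    so a DNS reply arriving with SPT=53 is reported as 53/dns."""
    ports = [int(rec[k]) for k in ("SPT", "DPT") if k in rec]
    if not ports:
        return "-"
    p = min(ports)
    return f"{p}/{KNOWN_PORTS[p]}" if p in KNOWN_PORTS else str(p)

def summarize(text):
    """Count messages per (chain, disposition, protocol, service port); the chain
    column is what 'net $FW DROP info' buys over a lone 'net all DROP info'."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["chain"], rec["disposition"], rec.get("PROTO", "?"), service_port(rec))] += 1
    return counts

if __name__ == "__main__":
    for (chain, disp, proto, port), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {chain:<8} {disp:<7} {proto:<4} {port}")
```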
Shorewall Geek wrote:
>> but no DHCP entry in rules. I got a lot of blocked UDP port 53 traffic.
>
> UDP port 53 is DNS, not DHCP.

Yeah.... I figured that out a few minutes ago. Jeez, do I feel silly!