PGNd
2014-Aug-18 00:10 UTC
shorewall-init usage with centrally-administered firewall mgmt? which PRODUCTS, and where to install?
Reading at "Closing the Firewall before the Network Interfaces are brought up" http://shorewall.net/Shorewall-init.html#Close The docs include ... There are two settings in the file: PRODUCTS Lists the Shorewall packages that you want to integrate with Shorewall-init. Example: PRODUCTS="shorewall shorewall6" That param is to be def'd, for opensuse, in /etc/sysconfig/shorewall-init I'm using a central administrative system, running shorewall/shorewall6, and pushing to remotes running shorewall-lite/shorewall6-lite. Which PRODUCTS should be defined? PRODUCTS="shorewall shorewall6" since I'm 'integrating' with the compiler on the administrative system running those? or PRODUCTS="shorewall-lite shorewall6-lite" since those are the systems that I'll actually be controlling ? The docs state "Shorewall Init can be used together with any combination of the other Shorewall packages." shorewall-init pkg is installed, currently, ONLY on the administrative system -- as it REQUIRES shorewall/shorewall6 dependencies. On the remotes, ONLY shorewall-lite shorewall6-lite shorewall-core , i.e., NO shorewall/shorewall6 are installed. Does shorewall-init need to be installed on each remote target, or only on the administrative machine? ------------------------------------------------------------------------------