On Sun, Oct 29, 2006 at 07:33:31PM +0000, Wackojacko wrote:
> >celejar <[EMAIL PROTECTED]> wrote:
> >
> >>Hi,
> >>
> >>I use shorewall to create a local (personal) firewall on my sid
> >>machine. I have a wireless nic which is sometimes connected to my
> >>private wireless network which I control and can secure (with WPA or
> >>WPA2), and sometimes to other networks which are insecure (eg. airport
> >>hotspot). I use ifscheme to manage the different network
> >>configurations, and I obviously have different security assumptions
> >>about the two situations. What is the standard way to have shorewall
> >>treat the two situations differently? I'm using the Madwifi driver, so
> >>a simple trick is to simply bring up the card as ath0 on the private
> >>network and ath1 on the public network and to write shorewall config
> >>files accordingly, but this is a bit of a kludge and not portable to
> >>other drivers.
> >>The most straightforward technique I can think of is to call pre-up
> >>scripts in /etc/network/interfaces that will manipulate the shorewall
> >>config files (eg. modify /etc/shorewall/zones , policy, and/or rules)
> >>but I'm wondering if there's a more standard way to do this - it seems
> >>like a fairly common requirement.
> >

What about having two sets of shorewall config files (where they would differ for the two setups), using a .loc and .pub extension? Then write a script that copies the .loc or .pub files to their regular names, then reruns shorewall.

Doug.
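The copy-and-rerun approach suggested above, written out as a script. This is an added example, not code posted in the thread: the file list (zones, policy, rules, taken from the original question) and the SHOREWALL_DIR / SHOREWALL_CMD override variables are assumptions. It treats any profile other than `loc` as the public one and refuses to touch the live files if a profile file is missing.

```shell
#!/bin/sh
# Added example: switch between *.loc (trusted network) and *.pub (untrusted
# network) Shorewall file sets. SHOREWALL_DIR and SHOREWALL_CMD are
# hypothetical overrides so the function can be tried on a scratch directory.

SHOREWALL_DIR="${SHOREWALL_DIR:-/etc/shorewall}"
SHOREWALL_CMD="${SHOREWALL_CMD:-shorewall}"
PROFILE_FILES="zones policy rules"   # assumed set of files that differ

switch_profile() (
    profile="$1"
    # Anything other than an explicit "loc" gets the stricter public profile.
    [ "$profile" = "loc" ] || profile="pub"

    # Refuse to modify the live config unless the whole profile set exists.
    for f in $PROFILE_FILES; do
        if [ ! -r "$SHOREWALL_DIR/$f.$profile" ]; then
            echo "missing $SHOREWALL_DIR/$f.$profile" >&2
            return 1
        fi
    done

    # Copy to a temporary name in the same directory, then rename, so a
    # live file is never left half-written.
    for f in $PROFILE_FILES; do
        cp -p "$SHOREWALL_DIR/$f.$profile" "$SHOREWALL_DIR/$f.new" || return 1
        mv -f "$SHOREWALL_DIR/$f.new" "$SHOREWALL_DIR/$f" || return 1
    done

    # Validate the resulting configuration before loading it.
    "$SHOREWALL_CMD" check >/dev/null || return 1
    "$SHOREWALL_CMD" restart >/dev/null || return 1
    echo "$profile"   # report which profile is now active
)

# When run as a script: ./switch-profile.sh loc|pub
[ "$#" -eq 0 ] || switch_profile "$1"
```

Called from a pre-up line in /etc/network/interfaces, a non-zero exit makes ifup abort, so the interface does not come up with a ruleset that failed to load.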

