-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Wegner wrote: > I am a happy long time user of Bering uCLIB and the three-interface > Shorewall (and their predessecors) with my DSL line. The uClib team > and Tom Eastep are the greatest! Not to mention other folks on this > list. Thanks! > > Either of these two entries in shorewall rules on my Leaf router > appears to enable me to use Bittorrent: > > DNAT net loc:192.168.1.203 tcp 6881:6889,6969 - $ETH0_IP > > or: > > ACCEPT net loc tcp 6881:6889,6969 > > Of course the DNAT works only on one machine (192.168.1.203 ). The > ACCEPT form allows me to use BitTorrent on any of several machines. > > Here is my question: is there any down side to using the ACCEPT form? > Is it less secure? Since I am on a home network I am controlling all > the machines, and am the only one running BitTorrent.
If you are using NAT from the loc zone to the net zone then the ACCEPT rule does absolutely nothing except open up those ports for clever people on your immediate external network. It will have no effect on traffic from the internet at large unless you also have entries in /etc/shorewall/nat. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBcVXuO/MAbZfjDLIRAmzKAKCwULeBGjcpp/Q8RflrTe9Sc9j47QCgt8Xo sFa1fxIIyNDlGOYdxYikpnU= =yHaH -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
