On Wednesday 11 January 2006 12:17, Tom Eastep wrote:
> On Wednesday 11 January 2006 12:11, Jim Ford wrote:
> > On Wednesday 11 January 2006 10:45, Robert K Coffman Jr - Info From Data wrote:
> > > It appears that you are misunderstanding what those commands do. See
> > > http://www.shorewall.net/starting_and_stopping_shorewall.htm#id2507868
> > > for more detail.
> >
> > And for port knocking with Shorewall 2.x, you should be looking at
> > http://www.shorewall.net/2.0/PortKnocking.html
> >
> > -Tom
> >
> > Thanks for the replies, Robert and Tom. I'd read the list of shorewall
> > commands and assumed that they enabled you to modify the
> > /etc/shorewall/rules on the fly from the command line. I'll have to
> > re-read the docs!
>
> The commands only work with dynamic zones -- you need to enable dynamic
> zones in /etc/shorewall/shorewall.conf before the commands do anything.
> Once dynamic zones are enabled, the commands allow you to add and delete
> (interface,address) pairs from zones. Dynamic zones have quite limited
> capability and will be removed once ipsets are available in standard
> kernels -- dynamic zones defined using ipsets are much more robust
> than what is currently in Shorewall.

Please disregard my last post -- I was thinking of "add" and "delete" rather
than "allow", "drop" and "reject".

"drop" and "reject" are used to drop or reject traffic from the supplied IP
address. "allow" reverses the effect of prior "drop" and "reject" commands.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key