Hi Jose, hope this translates well.

You have to use the MNF web interface because it keeps all its information in a
central file, the one you found. This is so it is easy to back up this single file and
restore a firewall from scratch.

Unfortunately, there is no way for MNF to read custom rules (yet). You can define the 
rules you asked for, however.

Go to Firewall -> Rules -> Add Custom Rule

You should be able to define every rule you listed there by putting in the custom 
ports.

Also, be careful about hand-editing /etc/ files with MNF. If you change your 
configuration in the web interface, your manual changes will disappear.

Hope that helps,

______________________________
Justin Grote
Network Architect, CCNA
JWG Networks
Email: [EMAIL PROTECTED] (remove nospam-)
SMS:   [EMAIL PROTECTED] (remove nospam-)
Phone: (208) 631-5440

------------------------------
Original Message Follows
------------------------------
JMR> Hello:

JMR> I have running a MNF 8.2 box. Now I use squid with smb authentication
JMR> against a Debian machine with samba configured like PDC. I have modified
JMR> manually the rules file from /etc/shorewall and stop/start shorewall, in
JMR> order to permit the traffic between two machines when squid use the smb_auth
JMR> method to try the authentication. The rules are:
JMR> ...
JMR> ACCEPT  fw      lan     udp     137:139 -
JMR> ACCEPT  fw      lan     tcp     137,139,445     -
JMR> ACCEPT  fw      lan     udp     1024:   137
JMR> ACCEPT  lan     fw      udp     137:139 -
JMR> ACCEPT  lan     fw      tcp     137,139,445     -
JMR> ACCEPT  lan     fw      udp     1024:   137
JMR> ...

JMR> Now, using the web interface of MNF, I can't view the new rules.

JMR> Searching in the archive of this list, I found that the actual configuration
JMR> reside in /var/lib/naat/configuration file and that the recommendation for
JMR> add new rules is using the web interface. OK (:-{

JMR> If you see the rules that I've written, now I have 14 new rules using the web
JMR> interface because ...

JMR> - Can I use a special/undocumented port declaration like 137:139 (137 thru
JMR> 139) and not, one rule for 137, one for 138 and one for 139 ?
JMR> - How can I declare third and sixth of my rules?

JMR> Thanks in advance.

JMR> --- Google literally translated (Spanish -> English) ---
JMR>  Pardon by my badly English.
JMR>  Pardon by the so long description that I have narrated to you
JMR> --- Google literally translated (Spanish -> English) ---
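
The six rules quoted in the original message use Shorewall's port syntax. As an added example (not part of either message, and not MNF or Shorewall code), the Python below parses them to show what each port specification covers and which rules also match on source port. It assumes the standard Shorewall rules column order ACTION, SOURCE, DEST, PROTO, DEST PORT(S), SOURCE PORT(S); all function names are made up for this example.

```python
# Added example: parse the Shorewall rules quoted in this thread.
# Assumed column order: ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S)
RULES = """\
ACCEPT  fw      lan     udp     137:139 -
ACCEPT  fw      lan     tcp     137,139,445     -
ACCEPT  fw      lan     udp     1024:   137
ACCEPT  lan     fw      udp     137:139 -
ACCEPT  lan     fw      tcp     137,139,445     -
ACCEPT  lan     fw      udp     1024:   137
"""

def parse_ports(spec):
    """Turn '137:139', '137,139,445', '1024:' or '-' into (low, high) ranges."""
    if spec == "-":
        return []  # column left empty: no restriction on this port field
    ranges = []
    for part in spec.split(","):
        if ":" in part:
            low, high = part.split(":")
            # An open end defaults to 0 or 65535 (iptables convention).
            ranges.append((int(low or 0), int(high or 65535)))
        else:
            ranges.append((int(part), int(part)))
    return ranges

def parse_rule(line):
    fields = line.split()
    fields += ["-"] * (6 - len(fields))  # trailing columns may be omitted
    action, src, dst, proto, dport, sport = fields[:6]
    return {"action": action, "source": src, "dest": dst, "proto": proto,
            "dest_ports": parse_ports(dport), "source_ports": parse_ports(sport)}

def port_count(ranges):
    """Number of individual ports covered by a list of (low, high) ranges."""
    return sum(high - low + 1 for low, high in ranges)

def parse_rules(text):
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

if __name__ == "__main__":
    for n, r in enumerate(parse_rules(RULES), 1):
        note = "  <- also matches on source port" if r["source_ports"] else ""
        print(n, r["source"], "->", r["dest"], r["proto"],
              "dest", r["dest_ports"], f"({port_count(r['dest_ports'])} ports)",
              "src", r["source_ports"] or "any", note)
```

Rules three and six each cover 64512 destination UDP ports, limited only by source port 137, which is worth keeping in mind when reviewing how much they open.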

