Il ven, 2004-10-01 alle 13:38, security ha scritto: > Hello all, > > Florin, I have a couple questions for you. I've installed the > pre-alpha ISO and aside from a little network card detection glitch it > installed beautifully (the cards don't appear in the MNF web > interface). My first test was to restore a backup configuration file > to an identical machine running the 10.0 from our current 8.2 > firewall. Oops, big mistake. Apparently the zones are defined > differently and I've now locked myself out of the LAN interface... no > biggie but it brings me to a question I've had for a while. Will > there be a way (or would you please consider adding it) to do a > pre-check on the rules before shorewall attempts to restart? I've > been in a hurry before or not thinking and I've made rules that the > interface accepts but shorewall pukes on. For instance, you would > never make a rule: > > ACCEPT wan dmz icmp 0:65535 (all ports) --- --- > > This would effectively bring the firewall down and force you to log on > locally, change the /etc/shorewall/rules file, restart shorewall, then > re-enter the interface so the database can get changed too. > > > Question #2 - Traffic Shaping > Honestly this is fantastic and it's so very welcomed. However, would > it be possible to TS by IP? We have a number of chat servers and I'd > LOVE to shape them via the FW instead of by each machine. > > This also brings me to a humble suggestion. Just a suggestion but you > may want to have a checkbox by the rules that would "disable" the rule > instead of deleting it. The database could keep the rule around but > would ultimately not write rules to the configs that were checked > "disabled". This allows you to test rules first instead of just > deleting them and having to re-add them. > > I LOVE your firewall. > > Jim McCormick > Cencore
REPLY for those not agreed with HTML MAIL ������������������������������������������������������� ------------------------------------------------------- -------------------PLEASE TEXT MAIL only--------------- ------------------------------------------------------- �������������������������������������������������������
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
