There is inconsistent default behavior between Shorewall 4.6.13.4 and
Shorewall6 4.6.13.4. Both have

DROP_DEFAULT=Drop

in their config file, but Shorewall drops auth packets and Shorewall6
rejects them.

According to the documentation <http://shorewall.net/4.6/Actions.html>, I
think Shorewall is correct.

firewall# grep DROP_DEFAULT /etc/shorewall*/shorewall*.conf
/etc/shorewall/shorewall.conf:DROP_DEFAULT=Drop
/etc/shorewall6/shorewall6.conf:DROP_DEFAULT=Drop
firewall# shorewall show | grep 113
firewall# shorewall6 show | grep 113
0 0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
0 0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
firewall#

firewall# grep DROP_DEFAULT /etc/shorewall*/shorewall*.conf
/etc/shorewall/shorewall.conf:DROP_DEFAULT="Drop(-,REJECT)"
/etc/shorewall6/shorewall6.conf:DROP_DEFAULT="Drop(-,REJECT)"
firewall# shorewall show | grep 113
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
firewall# shorewall6 show | grep 113
0 0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
0 0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
firewall#

_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel