On Wed, Mar 21, 2007 at 09:28:25AM +0100, Tristan DEFERT wrote:
> On Wednesday, 21 March 2007 at 09:00 +0100, Toralf Niebuhr wrote:
> > Hi.
> >
> > My plan is to limit the IP address 192.168.3.150 to the local zone only.
> >
> > First my policy:
> >
> > =====>>>>>>>>>>> loc all ACCEPT
> Policies override any rules !!!
> should use reject/drop instead
> and allow some traffic in rules
>

Actually, all that does is allow all outbound traffic from the local zone. If you change that to DROP or REJECT, then you must enable all outbound traffic on a case-by-case basis. That is usually not what people want.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
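
Added example, not part of the original thread and not Shorewall's own code: a simplified Python model of how a `loc all ACCEPT` policy interacts with the rules file, where Shorewall consults the rules first and applies the policy only to connections that no rule matched. The `net` zone, the second host 192.168.3.20, the destination 203.0.113.10 and the REJECT rule line are assumptions constructed for illustration.

```python
# Simplified model: the rules file is consulted first, the policy file is the
# default for connections no rule matched. Sample entries are constructed.
import ipaddress

POLICY = """
loc   all   ACCEPT      # the policy quoted in the thread
all   all   REJECT      # constructed catch-all
"""

RULES = """
REJECT   loc:192.168.3.150   net    # constructed rule: keep this host off 'net'
"""

def _matches(spec, zone, addr):
    """Match a 'zone' or 'zone:address' column against one endpoint."""
    want_zone, _, want_net = spec.partition(":")
    if want_zone not in ("all", zone):
        return False
    if not want_net:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(want_net, strict=False)

def _entries(text):
    """Yield the first three columns of each non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield fields[:3]

def verdict(src_zone, src_ip, dst_zone, dst_ip, rules=RULES, policy=POLICY):
    """Return (action, source_of_decision) for a new connection."""
    for action, src, dst in _entries(rules):       # rules: ACTION SOURCE DEST
        if _matches(src, src_zone, src_ip) and _matches(dst, dst_zone, dst_ip):
            return action, "rule"
    for src, dst, action in _entries(policy):      # policy: SOURCE DEST POLICY
        if _matches(src, src_zone, src_ip) and _matches(dst, dst_zone, dst_ip):
            return action, "policy"
    raise LookupError("no policy covers this zone pair")

if __name__ == "__main__":
    for host in ("192.168.3.150", "192.168.3.20"):
        print(host, "-> net:", verdict("loc", host, "net", "203.0.113.10"))
    # With the policy switched to REJECT, every other host needs its own ACCEPT rule.
    print(verdict("loc", "192.168.3.20", "net", "203.0.113.10",
                  policy="loc all REJECT\n"))
```
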
