Toralf Niebuhr wrote:
>I added this line
>>>  loc             loc             ACCEPT
>because I didn't know if the firewall could/would do anything if I
>want to send a file from one client to another.

Unless you have a bridge and the client-client traffic goes through 
it, then you cannot do anything about that traffic. In a switched 
network, the server/firewall will not even see the packets.

>and those are OK (I think so)
>>>  loc             fw              ACCEPT
>>>  fw              all             ACCEPT
>because I know exactly what services are running on my server and I
>didn't want to bother writing rules for each one of them.

Then with all due respect you can't be bothered to do it properly. 
You either accept that your firewall is 'loose' or you do the work in 
selecting what outbound connections are allowed. If you know what you 
are running then it's easy to write rules to allow it; only then can 
you claim to be running a tight firewall - the reason for controlling 
outbound connections is not to allow what you know you're running, 
but to prevent what you don't know about (either now or at some point 
in the future).

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
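
The check below is an added example, not part of the original thread or of Shorewall itself: a Python lint that flags the blanket ACCEPT policies discussed above. The zone names `fw`/`$FW`, the finding tags and the last two sample entries are assumptions.

```python
# Added example: lint a Shorewall policy file for blanket ACCEPT policies.
FW_ZONES = {"fw", "$FW"}  # assumption: firewall zone keeps its default name

# Constructed sample: the first three entries are the ones quoted in the
# thread; the last two are made up so the file has a default policy.
SAMPLE_POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      loc   ACCEPT
loc      fw    ACCEPT
fw       all   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

def parse_policy(text):
    """Yield (lineno, source, dest, policy) for every non-comment entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3:
            yield lineno, fields[0], fields[1], fields[2].upper()

def audit(text):
    """Return (lineno, tag, advice) for each ACCEPT policy worth tightening."""
    findings = []
    for lineno, src, dst, policy in parse_policy(text):
        if policy != "ACCEPT":
            continue
        if src in FW_ZONES:
            findings.append((lineno, "fw-outbound",
                "firewall may open any outbound connection; use REJECT "
                "and list the needed services in the rules file"))
        elif dst in FW_ZONES:
            findings.append((lineno, "fw-exposed",
                f"every service on the firewall is reachable from {src}"))
        elif src == dst:
            findings.append((lineno, "intrazone",
                "only matters if client-to-client traffic crosses the "
                "firewall, e.g. through a bridge"))
        elif "all" in (src, dst):
            findings.append((lineno, "wildcard", "ACCEPT policy uses 'all'"))
    return findings

if __name__ == "__main__":
    for lineno, tag, advice in audit(SAMPLE_POLICY):
        print(f"line {lineno}: [{tag}] {advice}")
```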