OK, I was intrigued by earlier posts in the "VoIP, getting ICMP destination unreachable" thread and started digging up info on the above 2 modules and their use on Shorewall.
I found a good starting-point reference here - http://wiki.freeswitch.org/wiki/Firewall, but I am still unclear as to the function of these two modules - what are they actually 'helping' with? The link gives brief information about the various module parameters, but it is a bit sketchy, and apart from the "ports" parameter I am not completely clear what the rest of them mean.

So, how are these modules helping? Establishing pinholes in the firewall for VoIP connection/traffic to go through? Establishing connection tracking so that when the initial connection to the VoIP server is made on :5060, all subsequent connections initiated/received (on random high ports) are treated as part of this RELATED initial connection to :5060? If so, do I need to define separate rules for them, or would adding just one rule for the connection to the VoIP server on :5060 be enough? What about the SELinux contexts - are they kept the same, provided all other connections are treated the same by the above 2 'helper' modules?

I am asking all these questions because up until now I had no idea about their existence, and all my VoIP traffic (and there is a LOT of it in my case) is confined by explicit rules defined in the rules file (I also use a specifically designed VoIP proxy which routes all my internal VoIP traffic coming from all 3 subnets to an external provider). These rules are matched/related together by the defined uid/gid of the process which runs my VoIP traffic show.

I checked with lsmod and the above two modules are indeed loaded on my main firewall machine (where Shorewall is), though they are not specifically configured in any way.

Any info or experience shared on the usage and configuration of these two modules and the appropriate Shorewall setup is welcome!
