On Sat, Oct 9, 2010 at 8:02 PM, Christ Schlacta <aarc...@gmail.com> wrote:
> sounds pretty simple, your policy file should only have
> all all drop
> and your rules should have something like
> ACCEPT src dest tcp 8080
>
> replace src and dest with the appropriate src and dest, or use 0.0.0.0/0 to
> let anything from or to anywhere on port 8080 pass.
>
> anything else should be trivial if you follow the howtos.
>
>
I've correctly set up Shorewall as a standalone firewall as described in the
Shorewall guide; still, I don't know how to make a "drop all" policy
and allow ONLY connections to a specific IP address at a specific port on the
LAN or on the internet.

Here is an example:

My policy file has only this line uncommented (to implement a drop-all
policy?!):

    all all DROP info

My rules file (let's say I only allow connections from my PC to IP address
66.249.92.104 (google.com)):

    # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
    Ping(DROP) net $FW
    # Permit all ICMP traffic FROM the firewall TO the net zone
    ACCEPT $FW net icmp
    ACCEPT $FW net:66.249.92.104 http

    sudo shorewall restart

Is that the correct way to do it?
Thanks for taking the time to reply.
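
Added example (not part of the original message and not Shorewall's own code): a small Python audit of the policy and rules text quoted above, listing the flows the rules accept and flagging anything to double-check in a drop-all setup. The column order, the KNOWN_PROTOS subset and the function names are assumptions of this example.

```python
# Added example (not from the thread): audit Shorewall policy/rules text.
# Assumed columns: policy = SOURCE DEST POLICY [LOG]; rules = ACTION SOURCE DEST PROTO DPORT.
DENY = {"DROP", "REJECT"}
# Small constructed subset of protocol names; extend it from /etc/protocols as needed.
KNOWN_PROTOS = {"tcp", "udp", "icmp", "all", "-"}

def rows(text):
    """Yield the columns of each non-blank, non-comment line."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def audit(policy_text, rules_text):
    """Return (allowed_flows, findings) for a policy file and a rules file."""
    findings, allowed = [], []
    policies = [p for p in rows(policy_text) if len(p) >= 3]
    catch_all = [p[2] for p in policies if p[:2] == ["all", "all"]]
    if not catch_all or catch_all[-1] not in DENY:
        findings.append("policy: no 'all all DROP' (or REJECT) catch-all")
    for src, dest, pol, *_ in policies:
        if pol == "ACCEPT":
            findings.append(f"policy: {src} -> {dest} defaults to ACCEPT")
    for r in rows(rules_text):
        action = r[0]
        if len(r) < 3 or not (action == "ACCEPT" or action.endswith("(ACCEPT)")):
            continue  # only accepting rules widen a drop-all policy
        src, dest = r[1], r[2]
        proto = r[3] if len(r) > 3 else "-"
        dport = r[4] if len(r) > 4 else "-"
        if not (proto.isdigit() or proto.lower() in KNOWN_PROTOS):
            findings.append(f"rules: PROTO '{proto}' not in KNOWN_PROTOS: {' '.join(r)}")
        if ":" not in dest:
            findings.append(f"rules: {src} -> {dest} targets a whole zone, not zone:address")
        allowed.append((src, dest, proto, dport))
    return allowed, findings

# Constructed sample input, copied from the configuration quoted in the message above.
POLICY = "all all DROP info\n"
RULES = """\
# Drop Ping from the "bad" net zone
Ping(DROP) net $FW
ACCEPT $FW net icmp
ACCEPT $FW net:66.249.92.104 http
"""

if __name__ == "__main__":
    flows, notes = audit(POLICY, RULES)
    for line in [f"allowed: {f}" for f in flows] + [f"check: {n}" for n in notes]:
        print(line)
```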
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users