Greetings, I am a new user of Shorewall. Thanks, Tom, for all your work and your unbelievable responsiveness on this list. You must not sleep :)

I recently switched the firewall for our small network to Shorewall. Everything is working great. I am running Shorewall on openSUSE 11.4. I want to make sure that all security patches for the OS are applied. Naturally, connections from the firewall to the net are blocked by default.

My first thought is to add a rule allowing access from the firewall to the particular mirror that I use for openSUSE updates (ftp.utexas.edu). openSUSE uses wget for updates, and ftp.utexas.edu accepts HTTP as well as FTP. Dig shows that ftp.utexas.edu has IP address 146.6.54.21.

The rule would then be:

    ACCEPT $FW net:146.6.54.21 tcp 21

or else

    ACCEPT $FW net:146.6.54.21 tcp 80

or even

    ACCEPT $FW net:146.6.54.21 tcp 21,80

To my untrained eye this seems pretty safe. If necessary, I could comment out the rule when not checking for updates and restart Shorewall.

I just wondered if this is okay and what other people do to update the OS that is running Shorewall.

Mike

--
Michael A. Coan
Woodlawn Foundation
524 North Avenue, Suite 203
New Rochelle, NY 10801-3410
Tel: 914-632-3778
Fax: 914-632-5502
