Greetings, I'm new to Shorewall but not to working with Iptables. Shorewall is the simplest firewall front end I have found thus far. I'm currently trying to build a Cfengine policy to maintain Shorewall configurations. My main problem at the moment is confirming that the running iptables rules match what Shorewall originally built.
If I understand Shorewall correctly the file /var/lib/shorewall/.iptables-restore-input is built by Shorewall during a start or restart. My goal was to have a mechanism to compare a current iptables-save to .iptables-restore-input to see if they match. Alas it seems that the syntax of the two files differs.

root@sol:~/inputs# iptables-save |grep 113
-A Drop -p tcp -m tcp --dport 113 -m comment --comment "Auth" -j reject
-A Reject -p tcp -m tcp --dport 113 -m comment --comment "Auth" -j reject

root@sol:~/inputs# grep 113 /var/lib/shorewall/.iptables-restore-input
-A Drop -p 6 --dport 113 -j reject -m comment --comment "Auth"
-A Reject -p 6 --dport 113 -j reject -m comment --comment "Auth"

It is my hope that list members who have better Shorewall know-how might be able to suggest a way to achieve my goal. How can I check that Shorewall's rules match the current running Iptables rules?

Sincerely,

-- 
Neil Watson
Linux/UNIX Consultant
http://watson-wilson.ca
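The two files in the post describe the same rules in different spellings: iptables-save prints the protocol by name and adds the implicit protocol match module (`-p tcp -m tcp`), while Shorewall's restore input uses the protocol number and puts `-j` before `-m comment`. A textual diff therefore always reports differences. The script below is an added example, not code from the post or from Shorewall: it parses both files, canonicalises each `-A` line (protocol number to name, implicit `-m <proto>` dropped, option order ignored) and reports rules Shorewall wrote that are not running and running rules Shorewall did not write. The protocol table, the rule that an `-m` matching the `-p` value is redundant, and the constructed sample dumps are assumptions drawn from the two quoted lines; the real inputs would be the output of `iptables-save` and /var/lib/shorewall/.iptables-restore-input.

```python
"""Added example: compare an iptables-save dump with Shorewall's
.iptables-restore-input after normalising the syntactic differences.
Not Shorewall code; the normalisation rules are assumptions taken from
the two rule lines quoted in the post."""
import re
import shlex
import sys
from collections import Counter

# iptables-save prints protocol names; Shorewall's input uses numbers.
# Assumed mapping for common protocols; extend from /etc/protocols if needed.
PROTO_NAMES = {"6": "tcp", "17": "udp", "1": "icmp", "58": "ipv6-icmp", "132": "sctp"}

# Options whose single argument is free text and may itself start with '-'.
FREE_TEXT_OPTS = {"--comment"}


def parse_rule(line):
    """Turn one '-A CHAIN ...' line into (chain, frozenset of (option, values)).

    The frozenset makes comparison order-insensitive, so '-j reject' before or
    after '-m comment ...' compares equal.  Negated options keep a '!' prefix
    so '! -p tcp' never matches '-p tcp'.
    """
    tokens = shlex.split(line)  # shlex handles --comment "Auth"
    if len(tokens) < 2 or tokens[0] != "-A":
        raise ValueError("only '-A CHAIN ...' lines are handled: %r" % line)
    chain, opts, i = tokens[1], [], 2
    while i < len(tokens):
        neg = ""
        if tokens[i] == "!":
            neg, i = "! ", i + 1
        opt, i, vals = tokens[i], i + 1, []
        if opt in FREE_TEXT_OPTS and i < len(tokens):
            vals.append(tokens[i])
            i += 1
        else:
            while i < len(tokens) and not tokens[i].startswith(("-", "!")):
                vals.append(tokens[i])
                i += 1
        opts.append((neg, opt, tuple(vals)))

    # Canonicalise the protocol: '--protocol' -> '-p', numbers -> names.
    proto, canon = None, []
    for neg, opt, vals in opts:
        if opt in ("-p", "--protocol") and vals:
            opt, vals = "-p", (PROTO_NAMES.get(vals[0], vals[0]).lower(),)
            if not neg:
                proto = vals[0]
        canon.append((neg + opt, vals))

    # iptables-save spells out the implicit protocol match ('-p tcp -m tcp');
    # Shorewall's input omits it, so drop an '-m' that merely restates '-p'.
    canon = [(o, v) for o, v in canon if not (o == "-m" and v == (proto,))]
    return chain, frozenset(canon)


def parse_dump(text):
    """Return a Counter of (table, chain, rule) for every '-A' line in a dump.

    A Counter rather than a set, so a rule present twice in one file and once
    in the other is still reported as a difference."""
    rules, table = Counter(), None
    for raw in text.splitlines():
        line = re.sub(r"^\[\d+:\d+\]\s*", "", raw.strip())  # 'iptables-save -c' counters
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            chain, body = parse_rule(line)
            rules[(table, chain, body)] += 1
    return rules


def diff_rules(running_text, expected_text):
    """Return (missing, extra): rules Shorewall wrote that are not running, and
    running rules Shorewall did not write.  Both are Counters."""
    running, expected = parse_dump(running_text), parse_dump(expected_text)
    return expected - running, running - expected


def format_rule(key):
    table, chain, body = key
    opts = " ".join(o + ("" if not v else " " + " ".join(v)) for o, v in sorted(body))
    return "%s: -A %s %s" % (table, chain, opts)


# Constructed sample input, modelled on the two lines quoted in the post, plus
# one extra rule in the Shorewall file so that the report shows a difference.
RUNNING_DUMP = """\
*filter
:Drop - [0:0]
:Reject - [0:0]
-A Drop -p tcp -m tcp --dport 113 -m comment --comment "Auth" -j reject
-A Reject -p tcp -m tcp --dport 113 -m comment --comment "Auth" -j reject
-A Reject -p udp -m udp --dport 69 -j DROP
COMMIT
"""

SHOREWALL_INPUT = """\
*filter
:Drop - [0:0]
:Reject - [0:0]
-A Drop -p 6 --dport 113 -j reject -m comment --comment "Auth"
-A Reject -p 6 --dport 113 -j reject -m comment --comment "Auth"
-A Reject -p 17 --dport 69 -j DROP
-A Reject -p 6 --dport 22 -j ACCEPT
COMMIT
"""


def main(argv):
    if len(argv) == 3:  # usage: script.py <iptables-save output> <restore-input>
        with open(argv[1]) as f1, open(argv[2]) as f2:
            running, expected = f1.read(), f2.read()
    else:
        running, expected = RUNNING_DUMP, SHOREWALL_INPUT
    missing, extra = diff_rules(running, expected)
    for label, diff in (("MISSING (in Shorewall input, not running)", missing),
                        ("EXTRA (running, not in Shorewall input)", extra)):
        for key, n in sorted(diff.items(), key=lambda kv: format_rule(kv[0])):
            print("%s x%d %s" % (label, n, format_rule(key)))
    return 1 if missing or extra else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with two file arguments (`iptables-save > /tmp/running; script.py /tmp/running /var/lib/shorewall/.iptables-restore-input`) and the non-zero exit status can drive the Cfengine policy; without arguments it runs on the constructed sample. Because the comparison is done on parsed options rather than on text, it also tolerates iptables-save's packet counters and reordering, while still flagging a rule whose target or port genuinely differs.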
