Just a point of order here, and I'm sure I'm misinterpreting this, but it looks
like my firewall is wide open.  I'd understood that, for a given packet, it
accepts the first matching rule it comes to.

Is it the policy DROP that's calling the shots for each chain?

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
net2fw     all  --  anywhere             anywhere            
net2fw     all  --  anywhere             anywhere            
local2fw   all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
Drop       all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:INPUT:DROP:"
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
net_frwd   all  --  anywhere             anywhere            
net_frwd   all  --  anywhere             anywhere
local2net  all  --  anywhere             anywhere
local2net  all  --  anywhere             anywhere
Drop       all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:FORWARD:DROP:"
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
fw2net     all  --  anywhere             anywhere
fw2net     all  --  anywhere             anywhere
fw2local   all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
Drop       all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:OUTPUT:DROP:"
DROP       all  --  anywhere             anywhere            

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

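The listing above hides the information needed to answer the question. Plain `iptables -L` omits the in/out interface columns (they only appear with `-v`), so rules that look unconditional, such as the bare `ACCEPT` in INPUT, may carry an interface match; `iptables -L -v -n` or `iptables-save` shows the full criteria. Also, `net2fw`, `local2fw` and `Drop` (capital D, Shorewall's Drop action chain, not the `DROP` target) are user-defined chains: a packet that matches nothing inside them returns to INPUT and continues with the next rule, and the chain policy is consulted only if INPUT itself runs out of rules. The script below is an added example, not code from the post or from Shorewall, that models exactly that traversal over a constructed ruleset shaped like the INPUT chain shown; the interface names, connection states and ports it attaches to each rule are assumptions made for illustration.

```python
"""Model of iptables chain traversal for an INPUT chain like the one listed.

Constructed example, not Shorewall's code and not the poster's ruleset.
Interfaces, states and ports on the rules are assumptions: a plain
`iptables -L` does not show interface matches, so a rule that looks
unconditional in the listing may well carry one.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    in_iface: str
    proto: str = "tcp"
    dport: Optional[int] = None
    state: str = "NEW"


@dataclass
class Rule:
    target: str                     # built-in target or user-defined chain
    in_iface: Optional[str] = None  # None means "match any"
    proto: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return all(want is None or want == got for want, got in (
            (self.in_iface, pkt.in_iface),
            (self.proto, pkt.proto),
            (self.dport, pkt.dport),
            (self.state, pkt.state),
        ))


TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def walk(chains, policies, chain, pkt, trace) -> Optional[str]:
    """Evaluate `chain` top to bottom; the first terminating match wins."""
    for rule in chains[chain]:
        if not rule.matches(pkt):
            continue
        trace.append(f"{chain} -> {rule.target}")
        if rule.target in TERMINATING:
            return rule.target
        if rule.target == "RETURN":
            break
        if rule.target == "LOG":
            continue                 # LOG never terminates evaluation
        verdict = walk(chains, policies, rule.target, pkt, trace)
        if verdict is not None:      # the user chain decided the packet
            return verdict
    # Chain exhausted (or RETURN): the policy applies only to a built-in
    # chain; a user-defined chain simply returns to its caller.
    if chain in policies:
        trace.append(f"{chain} -> policy {policies[chain]}")
        return policies[chain]
    return None


# Constructed ruleset shaped like the post's INPUT chain.  Every match
# criterion here is an assumption made for illustration.
CHAINS: Dict[str, List[Rule]] = {
    "INPUT": [
        Rule("net2fw", in_iface="eth0"),
        Rule("net2fw", in_iface="eth1"),
        Rule("local2fw", in_iface="eth2"),
        Rule("ACCEPT", in_iface="lo"),   # invisible in plain `iptables -L`
        Rule("Drop"),                    # Shorewall's Drop action chain
        Rule("LOG"),
        Rule("DROP"),
    ],
    "net2fw": [
        Rule("ACCEPT", state="ESTABLISHED"),
        Rule("ACCEPT", proto="tcp", dport=22),
    ],
    "local2fw": [Rule("ACCEPT")],
    "Drop": [Rule("DROP", proto="udp", dport=137)],  # stand-in silent drop
}
POLICIES = {"INPUT": "DROP"}


def evaluate(pkt: Packet, chains=CHAINS, policies=POLICIES) -> Tuple[str, List[str]]:
    """Return (verdict, trace) for a packet entering INPUT."""
    trace: List[str] = []
    verdict = walk(chains, policies, "INPUT", pkt, trace)
    return verdict, trace


if __name__ == "__main__":
    for pkt in (Packet("eth0", dport=22), Packet("eth0", dport=80),
                Packet("lo", dport=80), Packet("eth2", dport=80)):
        verdict, trace = evaluate(pkt)
        print(f"{pkt}: {verdict}  via  {' ; '.join(trace)}")
```

Under these assumptions an SSH packet from eth0 is accepted inside `net2fw`; a port 80 packet from eth0 falls out of `net2fw`, skips the interface-specific rules, passes through `Drop` and `LOG`, and is dropped by the explicit final `DROP`. The INPUT policy is never reached unless that last rule is removed, which the trailing check in the test exercises.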