I.S.C. William wrote:
>I have a question regarding the rules ..
>
>I have the following policy Polici my rules:
>
>loc loc ACCEPT
>loc all REJECT info
>net all DROP info
>fw all ACCEPT
>vpn all ACCEPT
>
>My question is ... taking this rule, with that I have closed all
>ports on the computer, it is not necessary to close some other port
>placing RULES?
>
>I just want to close everything and open only the ports I want.

Those policies will allow all traffic that originates in the loc and vpn zones or on the firewall itself. Traffic originating from the net zone will be blocked.

Assuming "net" is "the internet" and loc and vpn are internal, then you will have free access internally and TO the internet, but there will be no inbound traffic FROM the internet allowed. If that is what you want, then you need add no other rules.

If you want to restrict outbound traffic, or intra-zone internal traffic, then you'll need to either add rules to block what you don't want to allow - or change the policies accordingly and add rules to allow what you want to allow.

PS - it's really bad etiquette to send requests directly to individuals rather than just to the mailing list.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
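
Added example (not part of the original thread and not Shorewall's own code): a small Python model that resolves which line of the quoted policy applies to each source/destination zone pair, using the first-match ordering of the Shorewall policy file. It covers policies only, which apply when no entry in the rules file matches a connection; the function names and the "UNDEFINED" marker are assumptions made for this illustration.

```python
# Policy lines as quoted in the question (constructed copy for this example).
POLICY = """\
#SOURCE DEST POLICY LOG
loc     loc  ACCEPT
loc     all  REJECT info
net     all  DROP   info
fw      all  ACCEPT
vpn     all  ACCEPT
"""
ZONES = ["fw", "net", "loc", "vpn"]  # zone names taken from the quoted policy


def parse_policy(text):
    """Return [(source, dest, action, log_level_or_None)] in file order."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2],
                            fields[3] if len(fields) > 3 else None))
    return entries


def effective_policy(entries, src, dst):
    """First matching entry wins; 'all' matches any zone."""
    for s, d, action, log in entries:
        if src == dst:
            # Intra-zone traffic is only overridden by an entry naming the
            # zone in both columns ('all+' is not modelled here).
            if (s, d) == (src, dst):
                return action, log
        elif s in (src, "all") and d in (dst, "all"):
            return action, log
    # No entry matched: intra-zone defaults to ACCEPT, anything else is undefined.
    return ("ACCEPT", None) if src == dst else ("UNDEFINED", None)


def policy_matrix(entries, zones):
    """Map every (source, dest) zone pair to its effective (action, log)."""
    return {(s, d): effective_policy(entries, s, d) for s in zones for d in zones}


if __name__ == "__main__":
    for (s, d), (action, log) in policy_matrix(parse_policy(POLICY), ZONES).items():
        print(f"{s:>4} -> {d:<4} {action}" + (f" (log {log})" if log else ""))
```

Running it prints one line per zone pair, which makes it easy to check a policy file against the intended default-closed behaviour before adding rules.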