2012/10/23 Simon Hobson <[email protected]>

> I.S.C. William wrote:
>
> >I have a question regarding the rules ..
> >
> >I have the following policy Polici my rules:
> >
> >loc     loc     ACCEPT
> >loc     all     REJECT  info
> >net     all     DROP    info
> >fw      all     ACCEPT
> >vpn     all     ACCEPT
> >
> >My question is ... taking this rule, with that I have closed all
> >ports on the computer, it is not necessary to close some other port
> >placing RULES?
> >
> >I just want to close everything and open only the ports I want.
>
> Those policies will allow all traffic that originates in the loc and
> vpn zones or on the firewall itself. Traffic originating from the net
> zone will be blocked. Assuming "net" is "the internet" and loc and
> vpn are internal, then you will have free access internally and TO
> the internet, but there will be no inbound traffic FROM the internet
> allowed.
>
> If that is what you want, then you need add no other rules.
>
> If you want to restrict outbound traffic, or intra-zone internal
> traffic, then you'll need to either add rules to block what you don't
> want to allow - or change the policies accordingly and add rules to
> allow what you want to allow.
>
>
> PS - it's really bad etiquette to send requests directly to
> individuals rather than just to the mailing list.
>
> --
> Simon Hobson
>

Thanks Simon ..

That is exactly what I want: block all access from the local network (loc)
to the internet (net), and similarly for net2loc, so that I can select only
the ports to open.

You say that I need one more rule; could you mention what I need to
accomplish this?


Note: I understand that it is wrong to route it to an individual; I did so
because one of them speaks Spanish and could help me, since my current
language is Spanish. Thank you.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
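
An added example, not part of the original thread or the Shorewall project's own files: the policy as posted, plus a rules file that opens only selected ports in each direction. The chosen services and the internal host address 192.168.1.10 are assumptions made for illustration.

```conf
# /etc/shorewall/policy (as posted in the thread; the first matching line applies)
#SOURCE   DEST   POLICY   LOGLEVEL
loc       loc    ACCEPT
loc       all    REJECT   info
net       all    DROP     info
fw        all    ACCEPT
vpn       all    ACCEPT

# /etc/shorewall/rules (constructed example; rules are evaluated before policies,
# so each line below is an exception to the default-deny policies above)
#ACTION        SOURCE   DEST                PROTO   DPORT

# Outbound: allow only selected services from loc to net (assumed selection)
DNS(ACCEPT)    loc      net
ACCEPT         loc      net                 tcp     80,443

# loc -> fw also falls under "loc all REJECT", so administration of the
# firewall from the local network needs its own exception
SSH(ACCEPT)    loc      fw

# Inbound: open one port from net to an internal host
# (192.168.1.10 is a placeholder address; assumes loc uses private addressing)
DNAT           net      loc:192.168.1.10    tcp     443
```

Running `shorewall check` validates the configuration before it is applied with `shorewall restart`.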
