On 05/08/2013 07:16 AM, Tom Eastep wrote:
> On 05/08/2013 06:43 AM, cac...@quantum-sci.com wrote:
>> On Tuesday, May 07, 2013 11:59:49 PM Paul Gear wrote:
>>> On 05/08/2013 02:50 PM, cac...@quantum-sci.com wrote:
>>>> On Tuesday, May 07, 2013 06:19:01 PM Tom Eastep wrote:
>>>>> Then your firewall was *NOT* open from the net.
>>>>
>>>> Well then why does it *say* everything is open?
>>>
>>> It doesn't. There's a DROP policy by default on every chain. It's only
>>> open for traffic on the eth0 & lo interfaces.
>>
>> But notice that for every chain these are accept all?
>>
>> INPUT
>> 104 10002 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
>>
>> FORWARD
>> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
>>
>> OUTPUT
>> 98 6364 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
>>
>
> Accept all packets that are part of an *existing connection* or that are
> related to *an existing connection*.
>

The only time that you should see an open firewall after boot is when
${VARDIR}/firewall does not exist and compilation of the configuration fails.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
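
The distinction drawn in this thread, as an added example that is not part of the original messages or of Shorewall: a small Python check that reads `iptables -L -n -v` output and reports a chain as open only when its policy is ACCEPT or it holds an ACCEPT rule with no match conditions at all. The function name `classify` and the sample listing are assumptions made for illustration; only the INPUT rule line with `ctstate RELATED,ESTABLISHED` comes from the thread.

```python
import re

# Constructed sample in `iptables -L -n -v` layout. The first INPUT rule is the
# line quoted in the thread; the chain headers, the lo rule and the OUTPUT
# chain are made up to contrast a closed chain with an open one.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
  104 10002 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0    ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0
"""

# Built-in chains carry "(policy X ...)"; user chains carry "(N references)".
HEADER = re.compile(r"^Chain (\S+) \((?:policy (\w+))?")

def classify(listing):
    """Return {chain: verdict} for every built-in chain in the listing.

    Simplification (assumption): rule order is ignored, so a DROP or REJECT
    placed ahead of an unconditional ACCEPT is not taken into account.
    """
    verdicts, chain = {}, None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            chain = m.group(1) if m.group(2) else None  # skip user chains
            if chain:
                # When no rule matches a packet, the policy decides its fate.
                verdicts[chain] = ("open (policy ACCEPT)"
                                   if m.group(2) == "ACCEPT" else "closed")
            continue
        f = line.split()
        if chain is None or len(f) < 9 or f[0] == "pkts":
            continue  # blank line, column header, or rule in a user chain
        target, prot, in_if, out_if, src, dst = f[2], f[3], f[5], f[6], f[7], f[8]
        extra = f[9:]  # match extensions, e.g. "ctstate RELATED,ESTABLISHED"
        unconditional = (prot == "all" and in_if == "*" and out_if == "*"
                         and src == "0.0.0.0/0" and dst == "0.0.0.0/0"
                         and not extra)
        if target == "ACCEPT" and unconditional and verdicts[chain] == "closed":
            verdicts[chain] = "open (unconditional ACCEPT rule)"
    return verdicts

if __name__ == "__main__":
    for name, verdict in classify(SAMPLE).items():
        print(f"{name}: {verdict}")
```
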