On 8/27/2013 2:02 PM, Thomas Harold wrote:
> We have a bonded pair of ethernet ports (eth0+eth1 -> bond0) defined in
> /etc/shorewall/interfaces as:
>
> loc bond0
>
> The /etc/shorewall/zones is:
>
> fw firewall
> loc ipv4
> net ipv4
>
> When shorewall is stopped, I want to still allow traffic from the local
> zone (bond0) to the firewall to open up SSH. So in
> /etc/shorewall/stoppedrules I put:
>
> ACCEPT $FW bond0
> ACCEPT bond0 $FW tcp 22
>
> But "nmap -Pn -p 1-1024 172.30.0.2" reports that all ports are filtered
> when shorewall is stopped.
>
> Are there other files that need to be configured to make use of
> /etc/shorewall/stoppedrules?

No. Please forward the output of 'shorewall dump' taken when the
firewall is in the stopped state.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users