Hello, I guess the question I have is about your 'loc' zone.
Since it is a single interface firewall I think you would pay attention to the FW to <Zone> and <Zone> to FW policies, and perhaps disable packet forwarding?

-----------------
Leandro Avila

> On Friday, July 18, 2014 12:04 AM, rooster <yawowb+shorew...@nuclei.ca> wrote:
>
> Hello list,
>
> I am preparing an upgraded server for my users and I’d like to confirm that
> I have my setup correct for this single interface unit.
>
> interfaces :
>
> net eth0 dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0
> vpn tun0
>
> zones :
>
> fw firewall
> net ipv4
> loc ipv4
> vpn ipv4
>
> policy :
>
> loc all ACCEPT warn
> $FW net ACCEPT warn
> vpn all ACCEPT info
> net all REJECT warn
> all all REJECT warn
>
> rules - currently only allowing SSH and DNS traffic
>
> shorewall.conf - default settings from what I recall, though I can review any
> specifics if needed
>
> —

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
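An added example, not part of the thread and not Shorewall's own code: a small Python check that cross-references the quoted zones, interfaces and policy entries, lists zones that have no interface, and resolves which policy row governs each FW to zone and zone to FW pair. It assumes a simplified first-match reading of the policy file in which `all` also covers the firewall zone; the `audit` and `rows` helpers and the optional `hosts_txt` argument are names chosen for this illustration.

```python
# Constructed sample input: the entries quoted in the message above.
ZONES = "fw firewall\nnet ipv4\nloc ipv4\nvpn ipv4\n"
INTERFACES = ("net eth0 dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0\n"
              "vpn tun0\n")
POLICY = ("loc all ACCEPT warn\n$FW net ACCEPT warn\nvpn all ACCEPT info\n"
          "net all REJECT warn\nall all REJECT warn\n")

def rows(text):
    """Yield column lists, skipping blank lines, # comments and ?directives."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols and not cols[0].startswith("?"):
            yield cols

def audit(zones_txt, interfaces_txt, policy_txt, hosts_txt=""):
    """Return (zones with no interface or hosts entry, fw<->zone policy map)."""
    zones = {r[0].split(":")[0]: (r[1] if len(r) > 1 else "ipv4")
             for r in rows(zones_txt)}
    fw = next((z for z, kind in zones.items() if kind == "firewall"), "fw")
    # A zone is "bound" when an interfaces or hosts row names it in column 1.
    bound = {r[0] for r in rows(interfaces_txt)} | {r[0] for r in rows(hosts_txt)}
    unbound = sorted(z for z in zones if z != fw and z not in bound)
    # Normalise $FW to the firewall zone name; keep SOURCE, DEST, POLICY.
    policy = [[fw if c == "$FW" else c for c in r[:2]] + [r[2]]
              for r in rows(policy_txt)]

    def effective(src, dst):
        # Assumption: the first row matching the pair decides.
        for p_src, p_dst, action in policy:
            if p_src in (src, "all") and p_dst in (dst, "all"):
                return action
        return None

    pairs = {}
    for z in sorted(bound & zones.keys()):
        pairs[(fw, z)] = effective(fw, z)
        pairs[(z, fw)] = effective(z, fw)
    return unbound, pairs

if __name__ == "__main__":
    unbound, pairs = audit(ZONES, INTERFACES, POLICY)
    print("zones with no interface or hosts entry:", unbound)
    for (src, dst), action in pairs.items():
        print(f"{src:>4} -> {dst:<4} {action}")
```
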