I want to put our externally facing servers on their own network with a default outgoing policy of drop or reject.

Will do rules on router.

Will need a few rules to allow some outgoing.
For some rules a DNS name is a lot easier, as the IP may change.
In all the cases I can think of, a failure would not be catastrophic.
For example, if the rule fails for the Debian package server changes, we would just not be able to update packages.

If for some reason DNS is not available at Shorewall start time, will Shorewall fail?

I can live with an occasional Shorewall restart.

If that will not work, is there a better way to get it done?

John

--
John McMonagle
IT Manager
Advocap Inc
