On 11/30/2017 10:31 PM, John McMonagle wrote:
> I want to put our externally facing servers on their own network with a
> default outgoing policy of drop or reject.
>
> Will do rules on router.
>
> Will need a few rules to allow some outgoing.
> For some rules a dns name is a lot easier as the ip may change
> In all the cases I can think of a failure would not be catastrophic.
> For example if the rule fails for the debian package server changes
> would just not be able to update packages.
>
> If for some reason dns is not available at shorewall start time will
> shorewall fail?
>

Please see:
http://shorewall.org/FAQ.htm#idm1175

> I can live with an occasional shorewall restart.
>
> If that will not work is there a better way to get it done?
>

Maybe address variables and shorewall-lite could be useful:
http://www.shorewall.org/configuration_file_basics.htm#AddressVariables
http://shorewall.org/Shorewall-Lite.html

-Matt

--
Matt Darfeuille

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users