On 1/30/2018 11:22 AM, Matt Darfeuille wrote:
ACCEPT net $FW tcp 6535
ACCEPT net $FW udp 6534
ACCEPT net $FW tcp 22
From:
http://shorewall.org/manpages/shorewall-rules.html
"Warning
If you masquerade or use SNAT from a local system to the internet, you
cannot use an ACCEPT rule to allow traffic from the internet to that
system. You must use a DNAT rule instead."
EG:
DNAT net $FW tcp 22
This warning does not apply to the firewall. It's saying you have to DNAT to
devices _behind_ the firewall.
Bil
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
