On 11/30/19 5:12 PM, William Atkinson wrote:
> So if I put the DROP blacklist rules back and leave everything else
> alone, does that mean that the firewall should be able to access the
> Internet?
>

No. You still need ACCEPT rules in the NEW section of the rules file for the traffic that you wish to allow.

Traffic through the firewall first goes through the blacklisting rules (unless the incoming interface has the 'nobl' option), then it goes through the rules in the rules file. If not handled by any of those rules, it is then subjected to the appropriate policy.

So it really makes no sense to perform blanket protocol/port filtering in the blacklisting rules as you are doing. That filtering is best done by entries in the rules file.

-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \ an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
                      \_______________________________________________
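The evaluation order described in the reply above (blacklist rules, then the rules file, then policy), laid out as an added configuration sketch that is not part of the original message or the poster's actual files. The zone name `net`, the address range 192.0.2.0/24 and the ports shown are assumptions chosen for illustration.

```conf
# Added example (constructed values throughout).
# Assumed: an Internet zone named "net"; 192.0.2.0/24 is a documentation range.

# --- /etc/shorewall/blrules: consulted first for new connections ---
# (skipped for traffic arriving on an interface that has the 'nobl' option)
#
# Blanket protocol/port filtering here is what the reply advises against:
#   DROP    net                 all    tcp    23
#
# Keep this file for hosts or networks that should be refused outright:
#ACTION    SOURCE              DEST   PROTO  DPORT
DROP       net:192.0.2.0/24    all

# --- /etc/shorewall/rules: consulted next ---
# Outbound access for the firewall itself needs explicit ACCEPT entries
# in the NEW section; restoring blrules entries does not grant it.
#ACTION        SOURCE   DEST   PROTO   DPORT
?SECTION NEW
DNS(ACCEPT)    $FW      net
ACCEPT         $FW      net    tcp     80,443
ACCEPT         $FW      net    udp     123

# --- /etc/shorewall/policy: applied only when no rule above matched ---
#SOURCE   DEST   POLICY   LOGLEVEL
$FW       net    REJECT   info
net       all    DROP     info
all       all    REJECT   info
```

With these three files, a new connection from the firewall to a web server is accepted by the rules file, while any firewall-originated traffic without a matching ACCEPT falls through to the `$FW net REJECT` policy.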