Menu
▾
▴
[Shorewall-users] redundant rules ?
|
From: Holger <li...@ne...> - 2003-10-15 14:18:44
|
Hello,
i'm new to shorewall, but i really like it a lot. it's quite similar to
the firewall concept i did on my own. i also created zones in my own
script, although not as simple to configure as shorewall. great work.
what i am trying to accomplish:
dsl dialup (pppoe) dsl leased line
dynamic ip fixed ip range
| |
| transport net |
shorewall router 2 --------- shorewall router 1 --- dmz
|
|
local net(s)
(3 subnets)
router 2 is currently running my own setup and does all of the work
involved in router2 and 1 in one configuration. because of this setup we
are using source ip routing on that box to determine on which dsl line
will get used for external traffic.
now i want to split this one box into two boxes to get better
possiblility of management and most important, to have a vpn endpoint
(on router 1).
im currently setting up router one and noticed some redundant rules in
some chains created by shorewall (complete status attached). for example
chain dmz_frwd looks like this:
Chain dmz_frwd (2 references)
target prot opt in out source destination
dmz2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
dmz2net all -- * eth1 0.0.0.0/0 0.0.0.0/0
dmz2loc all -- * eth3 0.0.0.0/0 10.0.0.0/24
dmz2loc all -- * eth3 0.0.0.0/0 10.0.1.0/24
dmz2loc all -- * eth3 0.0.0.0/0 192.168.3.0/24
dmz2loc all -- * eth3 0.0.0.0/0 10.0.0.0/24
dmz2loc all -- * eth3 0.0.0.0/0 10.0.1.0/24
dmz2loc all -- * eth3 0.0.0.0/0 192.168.3.0/24
ACCEPT all -- * eth0 0.0.0.0/0 217.89.141.24/29
ACCEPT all -- * eth0 0.0.0.0/0 217.5.177.76/30
as you can see, line 1,2 ; 3,6 ; 4,7 ; 5,8 are exactly the same. is this
a bug or a feature ?!? it won't do any harm although these lines are not
really neccesary.
thanks for your help
Holger Brueckner
net-labs Systemhaus GmbH
|