Re: [Shorewall-users] All Open on Failure

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Tuesday, May 07, 2013 09:04:42 AM Tom Eastep wrote:
> Another thing here is to be sure to use 'shorewall show' (or 'iptables -L
> -n -v') when looking at the Netfilter filter table configuration. You
> can't tell what the state of the ruleset is by simply issuing 'Iptables
> -L' -- it's output is almost useless and can make you believe that you are
> wide open when you are not.
> 
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.

This looks like all is open to me:

# /etc/shorewall stop
# shorewall show
Shorewall 4.5.5.3 filter Table at droog - Tue May  7 09:09:26 PDT 2013

Counters reset Mon May  6 16:43:18 PDT 2013

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  104 10002 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   98  6364 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           