From: <CA...@qu...> - 2013-05-07 23:51:43
On Tuesday, May 07, 2013 09:04:42 AM Tom Eastep wrote:
> Another thing here is to be sure to use 'shorewall show' (or 'iptables -L
> -n -v') when looking at the Netfilter filter table configuration. You
> can't tell what the state of the ruleset is by simply issuing 'Iptables
> -L' -- its output is almost useless and can make you believe that you are
> wide open when you are not.
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.

This looks like all is open to me:

# /etc/shorewall stop
# shorewall show
Shorewall 4.5.5.3 filter Table at droog - Tue May 7 09:09:26 PDT 2013

Counters reset Mon May 6 16:43:18 PDT 2013

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  104 10002 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   98  6364 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
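
Added example, not part of the original post or of Shorewall: a small Python parser for the verbose listing quoted above that classifies each rule by what it matches on, and prints beside it the columns plain 'iptables -L -n' would show, where the in/out interface columns are absent. The function names (parse_listing, terse, scope) are this example's own.

```python
import re

# Verbose listing copied from the 'shorewall show' output quoted in the post.
LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  104 10002 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   98 6364 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
"""
ANY = "0.0.0.0/0"

def parse_listing(text):
    """Turn 'iptables -L -n -v' style output into one dict per rule."""
    rules, chain = [], None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        f = line.split()
        if head:
            chain = head.group(1)
        elif chain and len(f) >= 9 and re.fullmatch(r"\d+[KMGT]?", f[0]):
            rules.append(dict(chain=chain, target=f[2], prot=f[3], opt=f[4], inif=f[5],
                              outif=f[6], src=f[7], dst=f[8], match=" ".join(f[9:])))
    return rules

def terse(rule):
    """The columns plain 'iptables -L -n' shows: no counters, no in/out."""
    cols = [rule["target"], rule["prot"], rule["opt"], rule["src"], rule["dst"], rule["match"]]
    return " ".join(c for c in cols if c)

def scope(rule):
    """Classify by what the rule matches on, using the verbose columns."""
    if rule["match"] or rule["prot"] != "all" or (rule["src"], rule["dst"]) != (ANY, ANY):
        return "conditional"
    if (rule["inif"], rule["outif"]) == ("*", "*"):
        return "unconditional"
    return "interface-only"

if __name__ == "__main__":
    for r in parse_listing(LISTING):
        print(f'{r["chain"]:8}{scope(r):15}in={r["inif"]:5}out={r["outif"]:5}| -L -n: {terse(r)}')
```

In the terse column the eth0 and lo rules all print as 'ACCEPT all -- 0.0.0.0/0 0.0.0.0/0'; only the in/out columns of the verbose listing tell them apart.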