Benjamin Hackl wrote:
> When running shorewall make sure that iptables and ip6tables is set to
> off.
>
> chkconfig iptables off
> chkconfig ip6tables off
I must admit I didn't realize iptables should be off.
Suppose you modify /etc/shorewall/rules and re-start shorewall;
is that effective without iptables running (if only briefly)?
I read in <http://www.shorewall.net/standalone.htm>
"Once you have Shorewall running to your satisfaction,
you should totally disable your existing firewall"
which seems to leave the position slightly ambiguous.
> There is no need to change the forwarding settings. Shorewall will do
> that for you.
In my case (editing ipconfig-eth1) forwarding was stopped
although I hadn't re-booted.
Presumably I would have had to re-start shorewall to re-install forwarding?
In any case I have edited /etc/sysctl.conf now to make sure it is on.
I notice that on stopping iptables I get the message
[tim@alfred shorewall]$
sudo service iptables stop
iptables: Flushing firewall rules: [ OK ]
Does this mean shorewall has to be re-started?
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
