
Re: port _redirection_ within single machine | SOLUTION



On Fri, 2004-08-20 at 08:32, Martin Slouf wrote:

... snip ...

> and a (simple) questions once more:
> 
> i'm using shorewall as my iptables scripts (i found it quite simple to
> set up) and i'm quite satisfied with it.  my questions are for shorewall
> users.
> 
> 1. when something is set up not correctly, the firewall ends up with
> dropping all the packets -- that is not very good for distant management
> and this "feature" is forcing me to write my own firewall scripts to
> assure that ssh is always available at least.

Use the 'routestopped' option in your interfaces file. Then when you
'shorewall restart' with a faulty config you will be able to get back in
to fix it. I had this problem and locked myself out of a remote firewall
I was updating a couple of times before I found the answer. It is
embarrassing to tell someone that you are coming to their site to fix a
problem you just created remotely ;-) 
You will need to check that using this does not create any security
risks, but it seemed ok to me.

> i was looking in config and startup files but did not find a simple
> solution -- when internally running iptables commands return with
> failure, the failure is not returned from shorewall scripts (all is
> returned as proper exit code 0) and so you can't react to exit
> code of underlying iptables commands -- any solutions (using debian
> stable version 1.2.12).
> 
> 2. the above iptables commands i placed into '/etc/shorewall/common'
> file, cause i find no better suitable location for them -- is there a
> file for running special user iptables commands?
> 

So far I haven't tried this as I could do everything I needed using the
standard config files.


> thx.
> 
> > 
> > aaaa, I just noticed that you're Czech :) so hi :)
> 
> sure! hi to Slovakia! long live blackhole.sk!
> 
> m.
> 


HTH
-- 
Giles Nunn
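
Added example, not part of the original thread and not Shorewall's own code: since the restart is reported to exit 0 even when iptables commands fail, this wrapper checks the ruleset that is actually loaded and restores the previous one if no rule accepts SSH any more. It assumes iptables-save and iptables-restore are installed; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: restart the firewall, then verify the live ruleset instead
# of trusting the exit status; roll back if SSH is no longer accepted.
# All names are hypothetical; the *_CMD variables can be overridden.
: "${SAVE_CMD:=iptables-save}"
: "${RESTORE_CMD:=iptables-restore}"
: "${RESTART_CMD:=shorewall restart}"
: "${SSH_PORT:=22}"

# Reads iptables-save output on stdin. Succeeds if any appended rule accepts
# TCP to SSH_PORT. Heuristic: it shows the rule exists, not that an earlier
# rule in the same chain does not drop the packet first.
ssh_allowed() {
    grep -q -e "^-A .*-p tcp .*--dport ${SSH_PORT} .*-j ACCEPT"
}

# Returns 0 if the new ruleset keeps SSH, 1 if the old ruleset was restored,
# 2 if no backup could be taken (nothing is changed), 3 if restore failed.
guarded_restart() {
    backup=$(mktemp) || return 2
    if ! $SAVE_CMD > "$backup"; then
        rm -f "$backup"
        return 2
    fi
    # The exit status is reported but deliberately not trusted.
    $RESTART_CMD || echo "restart reported failure" >&2
    if $SAVE_CMD | ssh_allowed; then
        rm -f "$backup"
        return 0
    fi
    echo "SSH rule missing after restart, restoring previous rules" >&2
    $RESTORE_CMD < "$backup"
    status=$?
    rm -f "$backup"
    [ "$status" -eq 0 ] && return 1
    return 3
}
```

Source the file as root and call guarded_restart in place of a bare 'shorewall restart'.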


