
Multiple firewall profiles with shorewall



Hi,

I use shorewall to create a local (personal) firewall on my sid
machine. I have a wireless NIC which is sometimes connected to my
private wireless network which I control and can secure (with WPA or
WPA2), and sometimes to other networks which are insecure (e.g. airport
hotspot). I use ifscheme to manage the different network
configurations, and I obviously have different security assumptions
about the two situations. What is the standard way to have shorewall
treat the two situations differently? I'm using the Madwifi driver, so
a simple trick is to simply bring up the card as ath0 on the private
network and ath1 on the public network and to write shorewall config
files accordingly, but this is a bit of a kludge and not portable to
other drivers.
The most straightforward technique I can think of is to call pre-up
scripts in /etc/network/interfaces that will manipulate the shorewall
config files (e.g. modify /etc/shorewall/zones, policy, and/or rules)
but I'm wondering if there's a more standard way to do this - it seems
like a fairly common requirement.

Celejar
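
A sketch of the pre-up approach described above, added here as an example and not part of the original post: rather than editing files under /etc/shorewall in place, the hook selects a complete per-profile configuration directory and passes it to `shorewall check` and `shorewall restart`, both of which accept a directory argument. The profile directory layout, the logical interface name `ath0-home`, and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: choose a Shorewall config directory per network profile.
# Assumed (hypothetical) layout: $PROFILE_ROOT/trusted and
# $PROFILE_ROOT/untrusted, each holding a full set of zones, interfaces,
# policy and rules files.
PROFILE_ROOT="${PROFILE_ROOT:-/etc/shorewall/profiles}"

# Map the ifupdown logical interface name to a profile name.
# Only names listed explicitly are trusted; everything else, including
# an empty or unknown name, gets the strict profile.
profile_for() {
    case "$1" in
        ath0-home) echo trusted ;;    # hypothetical logical interface name
        *)         echo untrusted ;;
    esac
}

# Validate and load the profile for the given logical interface.
# A non-zero return makes ifup abort the pre-up phase, so the interface
# stays down instead of coming up behind the wrong ruleset.
apply_profile() {
    dir="$PROFILE_ROOT/$(profile_for "$1")"
    if [ ! -d "$dir" ]; then
        echo "missing profile directory: $dir" >&2
        return 1
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        # Only report what would be run (used for testing the mapping).
        echo "shorewall restart $dir"
        return 0
    fi
    # Compile-check the profile before replacing the running ruleset.
    shorewall check "$dir" >/dev/null || return 1
    shorewall restart "$dir"
}

# ifupdown exports LOGICAL to commands run from pre-up lines.
if [ -n "${LOGICAL:-}" ]; then
    apply_profile "$LOGICAL"
fi
```

Because the mapping keys on the logical interface name rather than the device name, it does not depend on the driver exposing separate ath0 and ath1 devices.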


