
Re: Multiple firewall profiles with shorewall



On 10/29/06, Douglas Tutty <dtutty@porchlight.ca> wrote:
On Sun, Oct 29, 2006 at 07:33:31PM +0000, Wackojacko wrote:
> >celejar <celejar@gmail.com> wrote:
> >
> >
> >>Hi,
> >>
> >>I use shorewall to create a local (personal) firewall on my sid
> >>machine. I have a wireless nic which is sometimes connected to my
> >>private wireless network which I control and can secure (with WPA or
> >>WPA2), and sometimes to other networks which are insecure (eg. airport
> >>hotspot). I use ifscheme to manage the different network
> >>configurations, and I obviously have different security assumptions
> >>about the two situations. What is the standard way to have shorewall
> >>treat the two situations differently? I'm using the Madwifi driver, so
> >>a simple trick is to simply bring up the card as ath0 on the private
> >>network and ath1 on the public network and to write shorewall config
> >>files accordingly, but this is a bit of a kludge and not portable to
> >>other drivers.
> >>The most straightforward technique I can think of is to call pre-up
> >>scripts in /etc/network/interfaces that will manipulate the shorewall
> >>config files (eg. modify /etc/shorewall/zones , policy, and/or rules)
> >>but I'm wondering if there's a more standard way to do this - it seems
> >>like a fairly common requirement.
> >

What about having two sets of shorewall config files (where they would
differ for the two setups), use a .loc and .pub extension.  Then write a
script that copies the .loc or .pub files to their regular names, then
reruns shorewall.

Doug.

Thanks. That's pretty much what I meant by my pre-up suggestion.

Celejar
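
The approach discussed in this thread (per-profile copies with .loc and .pub extensions, copied over the regular names before shorewall is rerun), as an added example that is not part of the original messages. The function name and the SHOREWALL_DIR / SHOREWALL_CMD overrides are assumptions made for illustration; the file list is the one named in the original question.

```shell
#!/bin/sh
# Added example: switch Shorewall between a ".loc" (trusted network) and a
# ".pub" (untrusted network) profile. SHOREWALL_DIR and SHOREWALL_CMD are
# hypothetical overrides so the function can be exercised outside /etc.
SHOREWALL_DIR="${SHOREWALL_DIR:-/etc/shorewall}"
SHOREWALL_CMD="${SHOREWALL_CMD:-shorewall}"
PROFILE_FILES="zones policy rules"   # the files mentioned in the thread

switch_profile() {
    ext="$1"
    case "$ext" in
        loc|pub) ;;
        *) echo "usage: switch_profile loc|pub" >&2; return 2 ;;
    esac

    # Refuse to switch unless every file of the profile exists, so a
    # half-local, half-public configuration is never installed.
    for f in $PROFILE_FILES; do
        [ -r "$SHOREWALL_DIR/$f.$ext" ] || {
            echo "missing $SHOREWALL_DIR/$f.$ext" >&2
            return 1
        }
    done

    # Stage all copies first, then rename them into place.
    for f in $PROFILE_FILES; do
        cp -p "$SHOREWALL_DIR/$f.$ext" "$SHOREWALL_DIR/$f.new" || return 1
    done
    for f in $PROFILE_FILES; do
        mv -f "$SHOREWALL_DIR/$f.new" "$SHOREWALL_DIR/$f" || return 1
    done

    # Validate before reloading: if "check" fails, the running ruleset
    # is left untouched and the non-zero status reaches the caller.
    "$SHOREWALL_CMD" check && "$SHOREWALL_CMD" restart
}

# Run directly as: <script> loc|pub
if [ "$#" -gt 0 ]; then
    switch_profile "$1"
fi
```

When this is called from a pre-up line in /etc/network/interfaces, a non-zero exit status makes ifup abort, so the interface does not come up with the wrong profile installed.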


