Improve comments in interfaces file re: use of aliases

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@314 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-29 01:36:06 +00:00 · 2002-10-29 01:36:06 +00:00 · eef8a3dc72
commit eef8a3dc72
parent 5205780da6
2 changed files with 10 additions and 4 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -2989,6 +2989,9 @@ initialize_netfilter () {
    #
    # Allow DNS lookups during startup for FQDNs
    #
+    run_iptables -A INPUT   -p udp --dport 53 -j ACCEPT # I suppose that there
+                                                        # is an idiot somewhere
+                                                        # who needs this
    run_iptables -A OUTPUT  -p udp --dport 53 -j ACCEPT
    run_iptables -A FORWARD -p udp --dport 53 -j ACCEPT

@ -3456,10 +3459,11 @@ activate_rules()
    complete_standard_chain OUTPUT $FW all
    complete_standard_chain FORWARD all all

-    run_iptables -D INPUT 1
-    run_iptables -D OUTPUT 1
-    run_iptables -D FORWARD 1
+    run_iptables -D INPUT   -m state --state ESTABLISHED -j ACCEPT
+    run_iptables -D OUTPUT  -m state --state ESTABLISHED -j ACCEPT
+    run_iptables -D FORWARD -m state --state ESTABLISHED -j ACCEPT

+    run_iptables -D INPUT   -p udp --dport 53 -j ACCEPT
    run_iptables -D OUTPUT  -p udp --dport 53 -j ACCEPT
    run_iptables -D FORWARD -p udp --dport 53 -j ACCEPT
 }
--- a/Shorewall/interfaces
+++ b/Shorewall/interfaces
@ -16,7 +16,9 @@
 #			place "-" in this column.
 #	
 #	INTERFACE	Name of interface. Each interface may be listed only
-#			once in this file.
+#			once in this file. You may NOT specify the name of
+#			an alias (e.g., eth0:0) here; see
+#			http://www.shorewall.net/FAQ.htm#faq18
 #
 #	BROADCAST	The broadcast address for the subnetwork to which the
 #			interface belongs. For P-T-P interfaces, this