From eef8a3dc72594e5ca123648bd7be352e4a2098c7 Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 29 Oct 2002 01:36:06 +0000
Subject: [PATCH] Improve comments in interfaces file re: use of aliases
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@314 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 10 +++++++---
 Shorewall/interfaces | 4 +++-
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 34d8f8dc4..84272ccea 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -2989,6 +2989,9 @@ initialize_netfilter () {
 #
 # Allow DNS lookups during startup for FQDNs
 #
+ run_iptables -A INPUT -p udp --dport 53 -j ACCEPT # I suppose that there
+ # is an idiot somewhere
+ # who needs this
 run_iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 run_iptables -A FORWARD -p udp --dport 53 -j ACCEPT
@@ -3456,10 +3459,11 @@ activate_rules()
 complete_standard_chain OUTPUT $FW all
 complete_standard_chain FORWARD all all
- run_iptables -D INPUT 1
- run_iptables -D OUTPUT 1
- run_iptables -D FORWARD 1
+ run_iptables -D INPUT -m state --state ESTABLISHED -j ACCEPT
+ run_iptables -D OUTPUT -m state --state ESTABLISHED -j ACCEPT
+ run_iptables -D FORWARD -m state --state ESTABLISHED -j ACCEPT
+ run_iptables -D INPUT -p udp --dport 53 -j ACCEPT
 run_iptables -D OUTPUT -p udp --dport 53 -j ACCEPT
 run_iptables -D FORWARD -p udp --dport 53 -j ACCEPT
 }
diff --git a/Shorewall/interfaces b/Shorewall/interfaces
index 1cfd1def8..8be1de806 100644
--- a/Shorewall/interfaces
+++ b/Shorewall/interfaces
@@ -16,7 +16,9 @@
 # place "-" in this column.
 #
 # INTERFACE Name of interface. Each interface may be listed only
-# once in this file.
+# once in this file. You may NOT specify the name of
+# an alias (e.g., eth0:0) here; see
+# http://www.shorewall.net/FAQ.htm#faq18
 #
 # BROADCAST The broadcast address for the subnetwork to which the
 # interface belongs. For P-T-P interfaces, this
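Review bot: The added `run_iptables -A INPUT -p udp --dport 53 -j ACCEPT` in the initialize_netfilter hunk accepts UDP port 53 from every interface and source address while the startup rules are in place, so a resolver running on the firewall host is reachable from outside during that window. If the intent is only to let the firewall query a name server on the same host (replies to outbound queries are presumably already covered by the ESTABLISHED rule), matching loopback is enough: `run_iptables -A INPUT -i lo -p udp --dport 53 -j ACCEPT`, with the `-D` in activate_rules changed to the identical spec. The trailing comment should state that reason in place of the current remark, and the commit subject names only the interfaces file, so this rule change is easy to miss when reading history. initialize_netfilter continues outside the hunk.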
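Review bot: The spec-based deletes in the activate_rules hunk succeed only if each one repeats, option for option, the rule that was appended earlier, and the ESTABLISHED appends are not visible in this patch. If a spec drifts (say the append later gains a second state or an interface match), `iptables -D` finds no matching rule and either the temporary ACCEPT stays in the chain or startup aborts, depending on how run_iptables treats a non-zero exit; that helper is outside the hunk. A comment above the deletes such as `# Must mirror the temporary -A rules added in initialize_netfilter exactly` would keep the two places in step. The opening lines of activate_rules are outside the hunk.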