Original poster | Posted on 2007-8-10 10:14:52
Post by linuxth
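Yes, you can get what you want.
Yes, if you try making PPP drop and redial, Shorewall should keep working (this needs to be tested).
I'm not sure about the PS issue; I haven't run into it. Once your firewall is working properly, come back and see whether that problem still exists.
How can I get what I want? Could you suggest an approach……
As for the PS issue, I ran a test today. This feature is clearly the default and has nothing to do with how I configured the firewall; you can see my screenshot. I could not find a way to turn it off in this project's configuration files. I searched shorewall.conf and found this passage: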
```
FOR ADMINS THAT REPEATEDLY SHOOT THEMSELVES IN THE FOOT
#
# Normally, when a "shorewall stop" command is issued or an error occurs during
# the execution of another shorewall command, Shorewall puts the firewall into
# a state where only traffic to/from the hosts listed in
# /etc/shorewall/routestopped is accepted.
#
# When performing remote administration on a Shorewall firewall, it is
# therefore recommended that the IP address of the computer being used for
# administration be added to the firewall's /etc/shorewall/routestopped file.
#
# Some administrators have a hard time remembering to do this with the result
# that they get to drive across town in the middle of the night to restart
# a remote firewall (or worse, they have to get someone out of bed to drive
# across town to restart a very remote firewall).
#
# For those administrators, we offer ADMINISABSENTMINDED=Yes. With this
# setting, when the firewall enters the 'stopped' state:
#
# All traffic that is part of or related to established connections is still
# allowed and all OUTPUT traffic is allowed. This is in addition to traffic
# to and from hosts listed in /etc/shorewall/routestopped.
#
# If this variable is not set or it is set to the null value then
# ADMINISABSENTMINDED=No is assumed.
#
ADMINISABSENTMINDED=Yes
```
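I read it carefully, but this parameter clearly does not provide a way to turn off that default behaviour; instead it gives you a choice. If it is No, all external access is blocked; if it is Yes, connections that were already established before shorewall stop are not blocked, and all access that comes later is blocked. I also ran an experiment, and it confirmed what I thought.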
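Added example, not part of the original post and not Shorewall's own code: a pre-flight check that reads shorewall.conf and routestopped and reports what happens to an administrator's address once the firewall enters the stopped state described in the comment block above. It assumes IPv4 only and the routestopped column layout INTERFACE HOST(S), where an empty or `-` host column means every host on that interface; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: what happens to ADMIN_IP after "shorewall stop"?
# Assumes IPv4 and a routestopped layout of: INTERFACE HOST(S) [OPTIONS]

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NET[/BITS] -> exit 0 if IP lies inside NET (a bare address is /32)
in_net() {
    net=${2%/*}; bits=32
    case $2 in */*) bits=${2#*/} ;; esac
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# absentminded CONF -> prints Yes or No (unset or empty counts as No)
absentminded() {
    val=$(sed -n 's/^[[:space:]]*ADMINISABSENTMINDED=\([^#[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    case $val in [Yy][Ee][Ss]) echo Yes ;; *) echo No ;; esac
}

# listed_in_routestopped FILE IP -> exit 0 if IP matches a HOST(S) entry
listed_in_routestopped() {
    while read -r iface hosts _rest; do
        case $iface in ''|'#'*) continue ;; esac          # skip blanks and comments
        [ -z "$hosts" ] || [ "$hosts" = "-" ] && return 0  # whole interface allowed
        for h in $(echo "$hosts" | tr ',' ' '); do
            in_net "$2" "$h" && return 0
        done
    done < "$1"
    return 1
}

# stop_verdict CONF ROUTESTOPPED ADMIN_IP -> reachable | established-only | locked-out
stop_verdict() {
    if listed_in_routestopped "$2" "$3"; then echo "reachable"
    elif [ "$(absentminded "$1")" = Yes ]; then echo "established-only"
    else echo "locked-out"; fi
}
```

Run `stop_verdict /etc/shorewall/shorewall.conf /etc/shorewall/routestopped <admin address>` before a remote `shorewall stop`; `established-only` means the current session survives but a new connection from that address will not be accepted.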