Benjamin Hackl wrote:
When running shorewall make sure that iptables and ip6tables are set to off.
chkconfig iptables off
chkconfig ip6tables off
I must admit I didn't realize iptables should be off.
Suppose you modify /etc/shorewall/rules and re-start shorewall; is that effective without iptables running (if only briefly)?
I read in http://www.shorewall.net/standalone.htm "Once you have Shorewall running to your satisfaction, you should totally disable your existing firewall" which seems to leave the position slightly ambiguous.
There is no need to change the forwarding settings. Shorewall will do that for you.
In my case (editing ipconfig-eth1) forwarding was stopped although I hadn't re-booted. Presumably I would have had to re-start shorewall to re-install forwarding? In any case I have edited /etc/sysctl.conf now to make sure it is on.
I notice that on stopping iptables I get the message

[tim@alfred shorewall]$ sudo service iptables stop
iptables: Flushing firewall rules: [ OK ]

Does this mean shorewall has to be re-started?