Benjamin Hackl wrote: > When running shorewall make sure that iptables and ip6tables is set to > off. > > chkconfig iptables off > chkconfig ip6tables off I must admit I didn't realize iptables should be off. Suppose you modify /etc/shorewall/rules and re-start shorewall; is that effective without iptables running (if only briefly)? I read in <http://www.shorewall.net/standalone.htm> "Once you have Shorewall running to your satisfaction, you should totally disable your existing firewall" which seems to leave the position slightly ambiguous. > There is no need to change the forwarding settings. Shorewall will do > that for you. In my case (editing ipconfig-eth1) forwarding was stopped although I hadn't re-booted. Presumably I would have had to re-start shorewall to re-install forwarding? In any case I have edited /etc/sysctl.conf now to make sure it is on. I notice that on stopping iptables I get the message [tim at alfred shorewall]$ sudo service iptables stop iptables: Flushing firewall rules: [ OK ] Does this mean shorewall has to be re-started? -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland