I'm not a firewall expert, but I figured out that shorewall works when I change the /etc/shorewall/policy file's first non-comment line to:

fw net ACCEPT

from

loc net ACCEPT

I'm using this on a standalone box, and I assume that "loc net ACCEPT" would allow packets from the local network to the internet. Maybe putting both lines there would work for more people out of the box?

Reproducible: Always

Steps to Reproduce:
see details

Actual Results:
before) shorewall broke networking
after) shorewall worked fine
Is this fixed with 2.0.0?
The default policy file from shorewall 2.0.1 still has "loc net ACCEPT". But this is because it matches the default zones file, where loc is defined. The default seems to be a small network (loc) with a demilitarized zone. But even this "default" configuration doesn't do much because there are no rules defined. Generally shorewall won't run on your system without configuring first. Shorewall doesn't know if you have a standalone system, a big network, a demilitarized zone, which ports you want to be open, which you want closed, etc. You must configure it. Of course the default files can be changed to work for a standalone system right from the start if this is desired.
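The fall-through behind "shorewall broke networking", as an added example that is not code from the bug report or from the shorewall project: a shell function that resolves a SOURCE/DEST zone pair against a policy file the way shorewall picks the first matching line, run over constructed sample files. It assumes shorewall's first-matching-line semantics with "all" as a wildcard in either column, and that the firewall zone is named fw, as in this thread.

```shell
#!/bin/sh
# effective_policy POLICY_FILE SOURCE_ZONE DEST_ZONE
# Prints the POLICY column of the first non-comment line whose SOURCE and DEST
# match the given pair (a literal zone name or the wildcard "all"), which is
# the first-match rule shorewall applies to /etc/shorewall/policy.
# Prints NONE when no line matches (assumption: no implicit default).
effective_policy() {
    awk -v src="$2" -v dst="$3" '
        /^[[:space:]]*#/ || NF == 0 { next }          # skip comments and blank lines
        ($1 == src || $1 == "all") && ($2 == dst || $2 == "all") {
            print $3; found = 1; exit                 # first match wins
        }
        END { if (!found) print "NONE" }
    ' "$1"
}

# Constructed sample policy files in a scratch directory. The first mirrors the
# layout the reporter describes (first line "loc net ACCEPT"), the second carries
# the reporter's change ("fw net ACCEPT"). The DROP/REJECT lines are assumed.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/policy.default" <<'EOF'
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
EOF
cat > "$SAMPLES/policy.fixed" <<'EOF'
#SOURCE  DEST  POLICY  LOG LEVEL
fw       net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
EOF

# On a standalone box nothing ever comes from "loc"; the pair that matters is
# fw -> net. With the default layout it falls through to "all all REJECT", so
# the box itself cannot reach the internet; with the change it is ACCEPT, while
# unsolicited inbound traffic (net -> fw) is still dropped.
echo "default fw->net:  $(effective_policy "$SAMPLES/policy.default" fw net)"   # REJECT
echo "fixed   fw->net:  $(effective_policy "$SAMPLES/policy.fixed" fw net)"     # ACCEPT
echo "fixed   net->fw:  $(effective_policy "$SAMPLES/policy.fixed" net fw)"     # DROP
```

Run it against a real /etc/shorewall/policy with the zone pair you care about to see which line a given connection would hit before starting shorewall.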
Maybe you could send this upstream.
BTW the shorewall ebuild already contains the message:

"Read the documentation from http://www.shorewall.net"
"available at /usr/share/doc/${PF}/html/index.htm"
"Do not blindly start shorewall, edit the files in /etc/shorewall first"

Thus the result "shorewall broke networking" is actually expected if it's not first configured. Maybe it would make sense to make the last line more concrete:

"Do not blindly start shorewall, edit the files in /etc/shorewall first, otherwise it could break your network connectivity"

I think there is really nothing to fix upstream because the default is not wrong. It just doesn't match the setup of the bug reporter. The change the bug reporter made is, by the way, mentioned in the Shorewall Quickstart Guides (which get installed with the documentation).
Fixed with 2.0.3a.