On 06/07/2011 04:32 AM, David Rayner wrote:
> Thanks for the reply Tom,
>
>>
>> The document you have been reading applies to the Shorewall 3.x series;
>> hopefully, you are running Shorewall 4.4 on Fedora 15.
>
> My apologies, I missed that. I had though already tried the main
> shorewall-perl configuration and had the same result. I then stumbled across
> the v3 docs, and believed that was the correct doc as it covered my kernel
> version and 'newbridge'.
>
>>> Rules:
>> That isn't the rules file
>
> Sorry, typo
>
>> And your fw->net policy is REJECT
>
> Yes, I knew this, I wanted to get the firewall bridge working then worry
> about the rest.
>
> I have now gone back to the main documentation -
> http://www.shorewall.net/bridge-Shorewall-perl.html, but am still having the
> same issue. I cannot restrict any traffic between the net and loc zones on
> either side of the bridge. I can control traffic to/from the bridge using
> world zone, but nothing else.

One reason for running a bridge is that you are using KVM. On FC15 with
KVM under libvirt, you must include this in your /etc/shorewall/init file:

    echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

Beginning with Shorewall 4.4.20, Shorewall will set that for you when
you define an interface with the 'bridge' option.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
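
A check for the setting discussed in the reply above, as an added example that is not part of the original thread or of Shorewall itself: it reads bridge-nf-call-iptables and reports whether the /etc/shorewall/init line or the 'bridge' interface option is the applicable fix. The function names, the status strings and the PROC_BRIDGE_DIR override are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post.
# PROC_BRIDGE_DIR is an assumption of this sketch: it is overridable so the
# logic can be run against a constructed directory instead of the live /proc.
PROC_BRIDGE_DIR="${PROC_BRIDGE_DIR:-/proc/sys/net/bridge}"

# version_ge A B: succeed when dotted version A is >= B, compared field by
# field as integers; a non-numeric suffix on a field (e.g. "20-RC1") is dropped.
version_ge() {
    v1=$1; v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        f1=${v1%%.*}; f2=${v2%%.*}
        if [ "$v1" = "$f1" ]; then v1=; else v1=${v1#*.}; fi
        if [ "$v2" = "$f2" ]; then v2=; else v2=${v2#*.}; fi
        f1=${f1%%[!0-9]*}; f2=${f2%%[!0-9]*}
        f1=${f1:-0}; f2=${f2:-0}
        if [ "$f1" -gt "$f2" ]; then return 0; fi
        if [ "$f1" -lt "$f2" ]; then return 1; fi
    done
    return 0
}

# bridge_nf_advice SHOREWALL_VERSION: print one status word.
#   missing            sysctl not present (bridge netfilter support not loaded)
#   enabled            bridged frames are already passed to iptables
#   set-bridge-option  value is not 1; Shorewall >= 4.4.20 sets it when an
#                      interface is defined with the 'bridge' option
#   add-to-init        value is not 1; older Shorewall needs the echo line in
#                      /etc/shorewall/init
bridge_nf_advice() {
    ver=$1
    knob="$PROC_BRIDGE_DIR/bridge-nf-call-iptables"
    if [ ! -r "$knob" ]; then
        echo "missing"
    elif [ "$(cat "$knob")" = "1" ]; then
        echo "enabled"
    elif version_ge "$ver" 4.4.20; then
        echo "set-bridge-option"
    else
        echo "add-to-init"
    fi
}

# Typical call on the firewall host:
#   bridge_nf_advice "$(shorewall version)"
```

While the value is 0, bridged frames are not passed to iptables, which is consistent with the symptom in the quoted message that rules between zones on the bridge have no effect.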
