Tom Eastep wrote:
> Steven Jan Springl wrote:
>> On Thursday 07 June 2007 00:41, Tom Eastep wrote:
>>> Steven Jan Springl wrote:
>>>> Tom
>>>>
>>>> When zones contains:
>>>>
>>>> fw       firewall
>>>> lan      ipv4
>>>> tst      ipv4
>>>> p1:tst  port
>>>> p2:tst  port
>>>>
>>>> interfaces contains:
>>>>
>>>> lan  eth0  -  nosmurfs,tcpflags
>>>> tst   br0   -  routeback,bridge,optional,tcpflags,rosmurfs
>>>> p1   br0:eth1
>>>> p2   br0:eth2
>>>>
>>>> and policy contains:
>>>>
>>>> fw   all  accept
>>>> lan  p2  accept
>>>> all   all  drop
>>>>
>>>> the following iptables rule is created:
>>>>
>>>> -A lan2p2 -j ACCEPT
>>>>
>>>> but nothing points to the lan2p2 chain.
>>>>
>>>> Should it be possible to have a policy from a zone that is not part of a
>>>> bridge to a bridge port (line 2 of the policy file above)?
>>> I have this covered in one of my earlier experiments but forgot it in
>>> the current one. Fixed in r6477.
>>>
>>> Thanks, Steven
>>> -Tom
>> Tom
>>
>> Should it be possible to have a policy from the bridge to a port on the same 
>> bridge e.g. using the above zone and interface definitions:
> 
> In principle, such a policy (or rule) is not a problem but I haven't
> been able to come up with a good way to detect that case yet.

This area is imperfect. For the policy/rule to be accepted, the source
zone must be associated with the bridge and only the bridge. Please try
r6478.

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
