On Thursday 07 June 2007 03:23, Tom Eastep wrote:
> Tom Eastep wrote:
> > Steven Jan Springl wrote:
> >> On Thursday 07 June 2007 00:41, Tom Eastep wrote:
> >>> Steven Jan Springl wrote:
> >>>> Tom
> >>>>
> >>>> When zones contains:
> >>>>
> >>>> fw firewall
> >>>> lan ipv4
> >>>> tst ipv4
> >>>> p1:tst port
> >>>> p2:tst port
> >>>>
> >>>> interfaces contains:
> >>>>
> >>>> lan eth0 - nosmurfs,tcpflags
> >>>> tst br0 - routeback,bridge,optional,tcpflags,rosmurfs
> >>>> p1 br0:eth1
> >>>> p2 br0:eth2
> >>>>
> >>>> and policy contains:
> >>>>
> >>>> fw all accept
> >>>> lan p2 accept
> >>>> all all drop
> >>>>
> >>>> the following iptables rule is created:
> >>>>
> >>>> -A lan2p2 -j ACCEPT
> >>>>
> >>>> but nothing points to the lan2p2 chain.
> >>>>
> >>>> Should it be possible to have a policy from a zone that is not part of
> >>>> a bridge to a bridge port (line 2 of the policy file above)?
> >>>
> >>> I have this covered in one of my earlier experiments but forgot it in
> >>> the current one. Fixed in r6477.
> >>>
> >>> Thanks, Steven
> >>> -Tom
> >>
> >> Tom
> >>
> >> Should it be possible to have a policy from the bridge to a port on the
> >> same bridge e.g. using the above zone and interface definitions:
> >
> > In principle, such a policy (or rule) is not a problem but I haven't
> > been able to come up with a good way to detect that case yet.
>
> This area is imperfect. For the policy/rule to be accepted, the source
> zone must be associated with the bridge and only the bridge. Please try
> r6478.
>
> Thanks,
> -Tom

Good morning Tom.

This works now.

Steven.

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
