On 9/14/10 5:51 PM, Mr Dash Four wrote:
>
>> Set blacklist=1 on eth0.
>>
> Right, so in other words blacklist=2 only blocks forwarded traffic
> passing through this interface destined to nets in the blacklist with
> the 'to' option. Wouldn't it be easier to just use 'fwd' as the
> blacklist option - 'to' with blacklist=2 is very different from 'to' and
> blacklist=1, you can just have 'blacklist' and choose between
> 'from', 'to' (as if blacklist=1) and, say, 'fwd' (as if blacklist=2) - no
> need for so many permutations when these 3 options in the blacklist file
> alone will cover everything you'll ever need. As I wrote previously -
> confusing.
Luckily, with your one-interface, two-zone configuration, you won't have an opportunity to use the confusing blacklist=2 setting. It is designed for internal interfaces, and given that you don't have any internal interfaces, it shouldn't be a problem for you.

-Tom
--
Tom Eastep            \ When I die, I want to go like my Grandfather who
Shoreline,             \ died peacefully in his sleep. Not screaming like
Washington, USA         \ all of the passengers in his car
http://shorewall.net     \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
