On 05/26/2013 08:22 AM, Dash Four wrote:
>
> Tom Eastep wrote:
>> On 5/25/13 6:35 PM, "Dash Four" <[email protected]> wrote:
>>
>>> Tom Eastep wrote:
>>>
>>>> 4.5.17 RC 1 is now available for testing.
>>>>
>>>> Changes since Beta 3:
>>>>
>>>> 1) A 'local' zone now works correctly with 'destonly' specified on the
>>>> loopback device.
>>>>
>>> ERROR: The local zone may only me assigned to 'lo'
>>> /etc/shorewall/interfaces
>>>
>>> Says who, exactly? I should be able to assign the local zone to
>>> whichever network adapter I damn well please!
>>>
>>
>> As the Rolling Stones say, you can't always get what you want. Especially
>> when you ask like that.
>>
> Well, in this case, I will have to use start/started to manually delete
> all the <all>2local and local2<all> crap shorewall placed in my own
> firewall and be done with it and not bother with this next-to-useless
> "local" zone option at all.
>
> If it was just the loopback interface your recent changes have targeted,
> then, maybe, just maybe, you should have called this option "loopback"
> instead to make it clearer.
>
> Personally, I won't be using this, as your "local" solution is neither
> here nor there - my intention was, and always has been, to isolate the
> local zone from all other zones I have defined (be it based on the
> loopback interface or lo:X interfaces, or some other interfaces bound to
> the 127.x.x.x address I have defined in advance) and exercise a degree
> of control over its traffic. Currently, your "local" solution falls well
> short of that.

The lo:X thingies are not interfaces; they are simply labeled addresses
on interface 'lo'.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
