Tom Eastep wrote:
> On 5/26/13 4:15 PM, "Dash Four" <[email protected]> wrote:
>
>> Tom Eastep wrote:
>>
>>> On 5/26/13 3:16 PM, "Dash Four" <[email protected]> wrote:
>>>
>>>> Tom Eastep wrote:
>>>>
>>>>>> Well, in that case you need to call the first option "loopback"
>>>>>> (because that's what this really is, it isn't "local") and the
>>>>>> second "local".
>>>>>>
>>>>>> Both should only have fw2<X> and <X>2fw chains (X being the
>>>>>> loopback and local zones) and in addition, for the local zone,
>>>>>> there should also be local2local chain in case where there is
>>>>>> more than one interface defined for that local zone.
>>>>>>
>>>>> We're on the same page. I've just about finished implementing
>>>>> exactly what you describe.
>>>>>
>>>> Forgot to add something which should be pretty obvious given what was
>>>> discussed earlier - neither option should have the lo-only
>>>> restriction.
>>>>
>>> Loopback will still have that restriction.
>>>
>> What happens when I only have one device in a zone called "local" with
>> the "local" option set? If I am to assume that shorewall will do the
>> right thing and eliminate the local2local chain, then what would be the
>> difference between that zone and the "loopback" zone?
>>
> If you also have 'local1' of type local, then you will have 'local12local'
> and 'local2local1' (since local zones can communicate with each other).

That's not what I asked, is it? So I'll repeat it again (cut-and-paste from my post above):
What happens when I only have one device in a zone called "local" with the "local" option set? If I am to assume that shorewall will do the right thing and eliminate the local2local chain (question one), then what would be the difference between that zone and the "loopback" zone (question two)?
