Tom Eastep wrote:
> 8) A new 'local' zone TYPE has been added to /etc/shorewall[6]/zones.
> A 'local' zone is similar to an 'ipv4' ('ipv6') zone, except that
> rules and policies to/from a 'local' zone may only be to/from the
> firewall zone and vserver zones.
>
When I have something like:

zones
~~~~~
local local

interfaces
~~~~~~~~~~
local eth1
- lo ignore

policy
~~~~~~
local $FW DROP
$FW local DROP
all+ all+ DROP

shorewall generates:

-A INPUT -i lo -j ACCEPT
[...]
-A OUTPUT -o eth1 -j ACCEPT
[...]
-A OUTPUT -o lo -j fw2fw

which is wrong. The "-o eth1" rule above should be a jump to "fw2local"
and the last rule should be "-o lo -j ACCEPT".
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
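Added example (not part of the original message and not Shorewall code): a small audit of the OUTPUT dispatch rules quoted in the report, which flags an interface whose unconditional rule does not go to the target the report expects, such as an ACCEPT that short-circuits the `$FW local DROP` policy. The function names and the `EXPECTED_OUTPUT` mapping are assumptions built from the report's own statement of the expected rules; the sample text is constructed from the rules quoted above.

```python
# Constructed sample: the rules quoted in the report, with the elided
# parts left as "[...]" exactly as posted.
SAMPLE_RULES = """\
-A INPUT -i lo -j ACCEPT
[...]
-A OUTPUT -o eth1 -j ACCEPT
[...]
-A OUTPUT -o lo -j fw2fw
"""

# Assumption: expected dispatch taken from the report
# ("-o eth1" should jump to fw2local, "-o lo" should be ACCEPT).
EXPECTED_OUTPUT = {"eth1": "fw2local", "lo": "ACCEPT"}


def unconditional_output_rule(line):
    """Return (interface, target) if the line is exactly
    '-A OUTPUT -o IFACE -j|-g TARGET', i.e. it decides the fate of all
    traffic leaving that interface. Rules with extra matches (protocol,
    port, negation, ...) are not dispatch rules and yield None."""
    tok = line.split()
    if len(tok) != 6:
        return None
    if tok[0] != "-A" or tok[1] != "OUTPUT" or tok[2] != "-o":
        return None
    if tok[4] not in ("-j", "-g"):
        return None
    return tok[3], tok[5]


def audit_output(rules_text, expected):
    """Return a list of (interface, expected_target, actual_target) for
    every interface whose first unconditional OUTPUT rule differs from
    the expected one. actual_target is None if no such rule exists."""
    first_seen = {}
    for line in rules_text.splitlines():
        parsed = unconditional_output_rule(line.strip())
        if parsed and parsed[0] not in first_seen:
            first_seen[parsed[0]] = parsed[1]  # first match wins in iptables
    return [(iface, want, first_seen.get(iface))
            for iface, want in expected.items()
            if first_seen.get(iface) != want]


if __name__ == "__main__":
    for iface, want, got in audit_output(SAMPLE_RULES, EXPECTED_OUTPUT):
        print(f"OUTPUT -o {iface}: expected -j {want}, found {got}")
```

On a live system the same function can be fed the filter table from `iptables-save` instead of the constructed sample.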