Tristan DEFERT wrote: > Hi list users, > > i use new bridging method since few days and i cannot set > up /etc/shorewall/hosts as written in doc. > > That means i do not identify anymore my bridge zones by interface like > this: > wan $bridge_interface:$wan_interface > dmz $bridge_interface:$dmz_interface > > But i now use: > dmz $bridge_interface:$dmz_subnet,!$router_ip > > but this syntax does not work for me. > Instead of EXCLUDING one or more hosts from my dmz zone (doesn't work) > i must use this kind of syntax: > dmz $bridge_interface:$dmz_addresses_pool > where $dmz_addresses_pool covers my whole subnet class but the router: > so i do not exclude anything, but i define a shrinked pool within my > subnet. > > did anyone succeed with such a setup where !exclusion is used within > shorewall/hosts ? > > what could affect this behaviour? what lacks (if so) to iptables? > I do not use such an exclusion anywhere else in shorewall. > > any feedback welcome! >
Which Shorewall version are you running? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
