Daniele Pizzolli wrote:
> On Thursday 20 March 2008 00:53, Tom Eastep wrote:
>> Daniele Pizzolli wrote:
>>> Basically I want to allow all traffic between the virtual
>>> interfaces connected to the bridge called "lan" in the zone "lan".
>> Have you looked at http://www.shorewall.net/SimpleBridge.html?
>
> Oh, yes, but not with the right attention.
> Thanks for shorewall and for your patience.
> The routeback option is the key, as made explicit by Jerry Vonau. Now
> another question arises. Why is routeback necessary even if I specify an
> explicit lan lan policy?

Because I dislike side-effects. While it might seem reasonable to imply 'routeback' from an explicit lan->lan policy when there is only one interface to the 'lan' zone, what about if there are two? Should each of them have 'routeback' set automatically? What if that's not what the user intended? Then we would need a 'norouteback' option to undo what Shorewall had done automatically.

So it seems more consistent to simply require 'routeback' when the user wants/needs it.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
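
The point made in the reply above, that an explicit lan->lan policy does not imply 'routeback', can be checked mechanically. This is an added example, not part of the original thread or of Shorewall itself: it lists interfaces whose zone has an intra-zone ACCEPT policy but no 'routeback' option. It assumes the four-column interfaces layout (ZONE INTERFACE BROADCAST OPTIONS), ignores the hosts file, and uses constructed sample file contents.

```python
def _rows(text):
    """Yield whitespace-split columns, skipping blank lines and '#' comments."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def zone_interfaces(interfaces_text):
    """Map zone -> {interface: set of options} from the interfaces file."""
    zones = {}
    for cols in _rows(interfaces_text):
        if len(cols) < 2 or cols[0] == "-":
            continue  # row without a zone cannot match a zone policy
        opts = cols[3] if len(cols) > 3 else "-"
        zones.setdefault(cols[0], {})[cols[1]] = (
            set() if opts == "-" else set(opts.split(",")))
    return zones

def intra_zone_accept(policy_text):
    """Zones that have an explicit SOURCE == DEST policy of ACCEPT."""
    return [c[0] for c in _rows(policy_text)
            if len(c) >= 3 and c[0] == c[1] and c[0] != "all"
            and c[2].split(":")[0] == "ACCEPT"]

def missing_routeback(interfaces_text, policy_text):
    """(zone, interface) pairs where policy allows zone->zone traffic
    but the interface does not carry the 'routeback' option."""
    zones = zone_interfaces(interfaces_text)
    return [(zone, iface)
            for zone in intra_zone_accept(policy_text)
            for iface, opts in sorted(zones.get(zone, {}).items())
            if not ({"routeback", "routeback=1"} & opts)]

# Constructed sample: bridge "lan" in zone "lan", before and after the fix.
INTERFACES_BEFORE = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp
lan    lan        detect     -
"""
INTERFACES_AFTER = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp
lan    lan        detect     routeback
"""
POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
lan      lan   ACCEPT
lan      net   ACCEPT
all      all   REJECT  info
"""

if __name__ == "__main__":
    print("before:", missing_routeback(INTERFACES_BEFORE, POLICY))
    print("after: ", missing_routeback(INTERFACES_AFTER, POLICY))
```

With two interfaces in the same zone, each is reported separately, which matches the reply's argument that the option is a per-interface decision.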
