Joseph L. Casale wrote:
> Tom, I hate to hijack the OP's thread but I was literally about to
> post regarding the same topic. Is it the most secure way in the
> situation where I have a physical NIC connected to a DSL modem,
> and have created a bridge where multiple virtual interfaces each
> collect a dynamic IP? I understood that assigning it an IP of 0.0.0.0
> was the best bet, but reading this thread makes me think it should not
> have an IP at all?

Bridges and Ethernet adapters are two different things. An Ethernet adapter used for PPPoE need not be configured with an IP address (unless you want access to the inbuilt web server, as someone pointed out in a later post). If it has no IP address, then it need not be defined to Shorewall.
Bridges usually need to be defined to Shorewall even if they aren't given an IP address. That is because vendor kernels typically support Netfilter/bridge interaction so traffic going through the bridge is passed through Netfilter. I usually assign them to a zone by themselves and set up policies to disallow traffic to/from the bridge zone and the other zones. The implicit intra-zone policy of ACCEPT allows traffic to go through the bridge.
> P.S. Is the line wrap better?

No.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
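
Added example, not part of the original message and not Shorewall's own code: a simplified Python model of policy lookup that audits the setup described in the reply above, with the bridge in a zone by itself, DROP/REJECT policies between it and every other zone, and the implicit intra-zone ACCEPT left in place. The zone names `fw`, `net` and `br`, the sample policy lines, and the first-match lookup with `all` not covering intra-zone traffic are assumptions made for the illustration.

```python
# Constructed sample: zone names and policy lines are assumptions, not from the thread.
ZONES = ["fw", "net", "br"]

# /etc/shorewall/policy style lines: SOURCE DEST POLICY [LOG LEVEL]
POLICY = """\
#SOURCE  DEST  POLICY  LOG
br       all   DROP    info
all      br    DROP    info
fw       net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

def parse_policy(text):
    """Return (source, dest, policy) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], fields[2].upper()))
    return rules

def effective_policy(rules, src, dst):
    """First matching line wins. Assumption: 'all' does not match intra-zone
    traffic, which stays at the implicit ACCEPT unless a line names the zone
    explicitly on both sides."""
    for r_src, r_dst, action in rules:
        if src == dst:
            if r_src == src and r_dst == dst:
                return action
            continue
        if r_src in (src, "all") and r_dst in (dst, "all"):
            return action
    return "ACCEPT" if src == dst else None

def audit_bridge_zone(rules, zones, bridge):
    """List problems: the bridge zone can talk to or be reached from another
    zone, or traffic through the bridge itself is no longer accepted."""
    problems = []
    for other in (z for z in zones if z != bridge):
        for src, dst in ((bridge, other), (other, bridge)):
            action = effective_policy(rules, src, dst)
            if action not in ("DROP", "REJECT"):
                problems.append(f"{src}->{dst} is {action}")
    if effective_policy(rules, bridge, bridge) != "ACCEPT":
        problems.append(f"{bridge}->{bridge} is not ACCEPT")
    return problems
```

An empty list from `audit_bridge_zone(parse_policy(POLICY), ZONES, "br")` means the bridge zone is isolated from the other zones while traffic through the bridge is still accepted.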
