> Bridges usually need to be defined to Shorewall even if they aren't given an
> IP address. That is because vendor kernels typically support
> Netfilter/bridge interaction so traffic going through the bridge is passed
> through Netfilter. I usually assign them to a zone by themselves and set up
> policies to disallow traffic to/from the bridge zone and the other zones.
> The implicit intra-zone policy of ACCEPT allows traffic to go through the
> bridge.
Tom,

It looks like I need to shift forums, as my question is no longer Shorewall specific: Shorewall won't be running in Dom0. Currently in my tests, I have a CentOS DomU running very well with Shorewall, but it has its red NIC passed through so it's very secure. In my final implementation I will have more than one Shorewall DomU and will not pass the NICs in. I will research Netfilter and hopefully come up with a grasp on all that happens to the NIC in Dom0 even if it does not have an IP, as I need to make sure it's secure. Thanks for the guidance.

jlc
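The layout Tom describes in the quoted reply (bridge in a zone of its own, DROP policies between that zone and every other zone, intra-zone traffic left to Shorewall's implicit ACCEPT) as a staged configuration, plus the kernel check that tells you whether bridged frames are actually handed to Netfilter. This is an added example, not from the thread or from the Shorewall project; the bridge name `xenbr0`, the zone names `net`, `loc` and `br`, the interface names, the `routeback` option and the staging directory `$STAGE` (instead of `/etc/shorewall`) are all my assumptions.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): stage a minimal Shorewall
# zones/interfaces/policy set that isolates a Xen bridge in its own zone, and
# check the bridge-netfilter sysctl that decides whether frames crossing the
# bridge are seen by iptables at all.
# Assumptions: bridge xenbr0, upstream NIC eth0, LAN NIC eth1, zone names are
# mine; files are written under $STAGE rather than /etc/shorewall.

STAGE="${STAGE:-$(mktemp -d)}"

# Write zones, interfaces and policy for the bridge-in-its-own-zone layout.
write_shorewall_config() {
    dir="$1"
    mkdir -p "$dir"

    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
br      ipv4
EOF

    # routeback is assumed here: frames forwarded between ports of the same
    # bridge enter and leave on xenbr0, which Shorewall must be told to allow.
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
br      xenbr0      detect      routeback
EOF

    # The bridge zone is cut off from every other zone in both directions.
    # No "br br" row: traffic between hosts inside the bridge zone stays on
    # Shorewall's implicit intra-zone ACCEPT, which is what lets it cross
    # the bridge.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG
br      all     DROP    info
all     br      DROP    info
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
}

# Return 0 when the staged policy file has both "<zone> all DROP" and
# "all <zone> DROP" rows, i.e. the zone is isolated from all other zones.
policy_isolates_zone() {
    file="$1/policy"
    zone="$2"
    grep -Eq "^$zone[[:space:]]+all[[:space:]]+DROP" "$file" &&
    grep -Eq "^all[[:space:]]+$zone[[:space:]]+DROP" "$file"
}

# Return 0 when bridged frames are passed to iptables. This is the kernel
# behaviour the quoted reply relies on; if it reads 0 (or the file is absent
# because br_netfilter is not loaded), the bridge zone policies never see
# the traffic. The path argument exists so the check can run on a copy.
bridge_nf_enabled() {
    f="${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

write_shorewall_config "$STAGE"
printf 'Shorewall fragments staged under %s\n' "$STAGE"
if bridge_nf_enabled; then
    printf 'bridge-nf-call-iptables=1: bridged traffic reaches Netfilter\n'
else
    printf 'bridge-nf-call-iptables is 0 or unavailable: bridge zone rules would not apply\n'
fi
```

The three staged files are not a complete installation (shorewall.conf, rules and the rest are unchanged from whatever you already run); the point is the pattern of the `policy` rows and the sysctl check, which is the first thing to verify before trusting any zone drawn around a bridge that carries no IP address.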
