Hi,
I noticed today that a hosts zone defined as follows wasn't being matched.
I investigated the output of iptables -L -v, and found this:
Chain tun4_out (1 references)
 pkts bytes target  prot opt in  out  source    destination
   85 13584 fw2san  all  --  any any  anywhere  anywhere
    0     0 fw2bloc all  --  any any  anywhere  192.168.3.0/24
/etc/shorewall/zones
san ipv4
bloc ipv4
/etc/shorewall/hosts
bloc tun4:192.168.3.0/24
/etc/shorewall/interfaces
san tun4 detect routefilter,logmartians,tcpflags,nosmurfs
/etc/shorewall/rules sample
# dns
ACCEPT $FW bloc udp 53
Either switching the order of those zones entries or using "bloc:san ipv4",
the following iptables output and the correct behavior are achieved:
Chain tun4_out (1 references)
 pkts bytes target  prot opt in  out  source    destination
  130 21543 fw2bloc all  --  any any  anywhere  192.168.3.0/24
    0     0 fw2san  all  --  any any  anywhere  anywhere
I couldn't find anything in the hosts or zones man pages about this. Am I
doing something wrong, or should this be spelled out in the docs for other
idiots like me?
Thanks-
John
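The behaviour John describes can be reproduced with a small model of how the per-interface *_out chain is assembled from the zone declarations. This is an added illustration, not Shorewall's own code: it assumes (as the two iptables listings above suggest) that zone jumps are emitted in /etc/shorewall/zones declaration order, except that a zone declared with a parent ("bloc:san") is placed ahead of that parent. Because the san zone covers the whole tun4 interface, its jump matches "anywhere", so whenever it precedes fw2bloc nothing ever reaches the narrower 192.168.3.0/24 chain, and a rule such as ACCEPT $FW bloc udp 53 never fires. The zone names, interface and network below are the ones from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Zone:
    name: str
    interface: str
    network: Optional[str] = None   # None: the zone is the whole interface
    parent: Optional[str] = None    # "bloc:san" in the zones file -> parent="san"


def order_zones(zones: List[Zone]) -> List[Zone]:
    """Model (assumption): declaration order is kept, but a zone that names a
    parent is moved in front of that parent so its narrower match is tried first."""
    ordered = list(zones)
    changed = True
    while changed:
        changed = False
        for i, z in enumerate(ordered):
            if z.parent is None:
                continue
            j = next(k for k, p in enumerate(ordered) if p.name == z.parent)
            if j < i:
                ordered.insert(j, ordered.pop(i))
                changed = True
                break
    return ordered


def build_out_chain(zones: List[Zone], interface: str) -> List[Tuple[str, str]]:
    """Model of the tun4_out chain: one (target, destination-match) entry per zone
    living on this interface, in the order the jumps are evaluated."""
    return [
        (f"fw2{z.name}", z.network or "anywhere")
        for z in order_zones(zones)
        if z.interface == interface
    ]


def first_match(chain: List[Tuple[str, str]], dest_ip: str) -> Optional[str]:
    """Return the first zone chain a packet to dest_ip would be sent to."""
    ip = ipaddress.ip_address(dest_ip)
    for target, dest in chain:
        if dest == "anywhere" or ip in ipaddress.ip_network(dest):
            return target
    return None


# Zones exactly as in the post: san is the whole interface, bloc is a subnet on it.
SAN = Zone("san", "tun4")
BLOC = Zone("bloc", "tun4", "192.168.3.0/24")
BLOC_AS_SUBZONE = Zone("bloc", "tun4", "192.168.3.0/24", parent="san")


def demo() -> dict:
    """Which chain handles a packet from $FW to 192.168.3.10 under each layout."""
    return {
        "san_first": first_match(build_out_chain([SAN, BLOC], "tun4"), "192.168.3.10"),
        "bloc_first": first_match(build_out_chain([BLOC, SAN], "tun4"), "192.168.3.10"),
        "bloc_subzone": first_match(build_out_chain([SAN, BLOC_AS_SUBZONE], "tun4"), "192.168.3.10"),
        "other_host": first_match(build_out_chain([SAN, BLOC_AS_SUBZONE], "tun4"), "192.168.4.10"),
    }


if __name__ == "__main__":
    for layout, target in demo().items():
        print(f"{layout:13s} -> {target}")
```

Running it shows the original layout routing 192.168.3.10 into fw2san (the "0 pkts" symptom for fw2bloc), while both of John's fixes put fw2bloc first; hosts outside the subnet still fall through to fw2san in every layout. The same check is a cheap way to sanity-test any zones file that mixes an interface-wide zone with host-defined subzones on the same interface.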
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users