So, I think I almost have it but for whatever reason I'm not getting my loc2vpn1 (where vpn1 is a dynamic zone) rule high enough in the _fwd chain:
Chain br-lan_fwd (1 references)
 pkts bytes target      prot opt in   out     source      destination
 2005  167K dynamic     all  --  *    *       0.0.0.0/0   0.0.0.0/0   state INVALID,NEW
 2005  167K br-lan_mac  all  --  *    *       0.0.0.0/0   0.0.0.0/0   state NEW
    0     0 loc2all     all  --  *    tun2    0.0.0.0/0   0.0.0.0/0
  616 78730 loc2all     all  --  *    tun0    0.0.0.0/0   0.0.0.0/0
  118 15304 loc2all     all  --  *    tun1    0.0.0.0/0   0.0.0.0/0
 3146  352K loc2net     all  --  *    ppp0    0.0.0.0/0   0.0.0.0/0
 3517  371K loc2net     all  --  *    eth0.1  0.0.0.0/0   0.0.0.0/0
    0     0 loc2loc     all  --  *    br-lan  0.0.0.0/0   0.0.0.0/0
    0     0 loc2vpn1    all  --  *    tun0    0.0.0.0/0   0.0.0.0/0   set foo dst
So of course, a packet from br-lan to a network on interface tun0 matches the loc2all rule before it has a chance to be evaluated by the loc2vpn1 rule.
What governs the order of the rules that go into the _fwd tables, and how can I get the loc2vpn1 rule assessed higher than the loc2all (tun0) rule?
b.
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
