Oh, although I said I tried that option, which didn't seem to have any
effect, I realize I might have tried the ping from the wrong zone (i.e.
testing from loc...).
Now that I changed the rule for the DMZ to
PING/ACCEPT dmz $FW:192.168.2.1
only the ping to that gateway works (i.e. ping 10.0.0.1 doesn't answer).
Anyway, as there's an open public captive portal (all HTTP traffic
redirected to the local webserver) in that DMZ (it's ath2 and not
eth2), I wanted to give as little info about the local LAN layout as
possible.
That's because, as I read somewhere, it's pretty easy to guess the
network topology (though I have no idea how it could be done :-) I
wonder if it's even useful to do that additional filtering...
Thanks
2008/12/8 Shorewall Geek <[EMAIL PROTECTED]>:
> Well -- if you are that disappointed, you can always prevent it!
>
> Replace
> PING/ACCEPT loc $FW
> with
> PING/ACCEPT loc $FW:<firewall's local ip address>
>
> That will only allow ping to the <firewall's local ip address>