Hello, I have a firewall with 67 network interfaces. I'm migrating it to Shorewall now. It's working well, but I have some doubts I'd like to discuss with you guys.
I've created 67 zones, one for each interface, because most of my rules need to be zone-based. My doubt is that I have some rules, maybe over a hundred, that need to be applied to, let's say, 32 zones. I could do that easily directly with iptables, because my network is segmented in a tree mode. Example:

zone1 - 192.168.0.0/24
zone2 - 192.168.1.0/24

In that case, zone1+zone2 would be 192.168.0.0/23... And so on...

Is it possible to create a "grouping" zone aggregating zone1 plus zone2, for example, so that I can declare a rule only for the "grouping" zone, without repeating the rule for each zone? I've read the man page shorewall-nesting, but the examples I've seen are based on only one interface. I'm not sure if that would work across multiple interfaces.

This network is quite critical, so I'm a bit afraid to be testing a lot of rules in it without making sure that's the right way to go.

Thanks in advance.

-- 
MARLON DUTRA
Propus
GnuPG ID: 0x3E2060AC pgp.mit.edu
http://www.propus.com.br/
http://hackers.propus.com.br/~marlon/
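One way to express the "grouping zone" the poster describes in Shorewall's own configuration files, as an added example that is not from the original post or from the Shorewall project. It assumes the child:parent nesting syntax documented in shorewall-zones(5), a parent zone that is given explicit members on several interfaces through /etc/shorewall/hosts, and constructed interface names (eth0, eth1, eth2) plus the two subnets quoted in the post; zone1 and zone2 stand in for any number of the 67 zones. The general pattern (a parent zone whose members are spread over many interfaces, with the per-interface zones nested under it) is what the post asks about, so it is shown for two interfaces only.

```text
# /etc/shorewall/zones  (added example; the interface names and the "lan" zone are assumed)
#ZONE        TYPE       OPTIONS
fw           firewall
net          ipv4
lan          ipv4                 # the "grouping" (parent) zone
zone1:lan    ipv4                 # per-interface zone nested in lan
zone2:lan    ipv4                 # per-interface zone nested in lan

# /etc/shorewall/interfaces  (one zone per physical interface, as in the post)
#ZONE        INTERFACE  OPTIONS
net          eth0       dhcp
zone1        eth1
zone2        eth2

# /etc/shorewall/hosts  (gives the parent zone explicit members on BOTH interfaces)
#ZONE        HOST(S)
lan          eth1:192.168.0.0/24
lan          eth2:192.168.1.0/24

# /etc/shorewall/policy  (default deny between zones, so only explicit rules pass)
#SOURCE      DEST       POLICY     LOG LEVEL
fw           all        ACCEPT
net          all        DROP       info
all          all        REJECT     info

# /etc/shorewall/rules  (one rule on "lan" now covers zone1 and zone2)
#ACTION      SOURCE     DEST       PROTO   DEST PORT(S)
ACCEPT       lan        net        tcp     80,443
ACCEPT       lan        fw         udp     53
# A per-interface exception is still possible: rules for the child zone
# are evaluated before the parent's.
DROP         zone2      net        tcp     443

# /etc/shorewall/shorewall.conf  (relevant line only)
# Lets traffic that matches no rule in a child zone fall through to the
# parent zone's rules; check shorewall.conf(5) for the exact semantics of
# the installed version.
IMPLICIT_CONTINUE=Yes
```

Because the hosts file lists the parent zone's members explicitly, the parent is not tied to a single interface, which is the part the shorewall-nesting examples leave unclear. Before touching the production firewall, the membership can be validated offline with `shorewall check` against a copy of the configuration directory, and after loading, `shorewall show zones` prints which interface/network pairs each zone actually contains, so a mistaken aggregate can be caught before a rule is applied to the wrong 32 zones.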
