Shorewall Guy wrote:
> Marlon Dutra wrote:
>
>> I've read the man page shorewall-nesting, but the examples I've seen
>> are based on only one interface. I'm not sure if that would work
>> across multiple interfaces.
>
> It doesn't.

Actually, it can be made to work. If you do this:

/etc/shorewall/zones:

    zoneA
    zone1:zoneA
    zone2:zoneA

/etc/shorewall/interfaces:

    zoneA eth0
    zoneA eth1

/etc/shorewall/hosts:

    zone1 eth0:192.168.1.0/24 broadcast
    zone2 eth1:192.168.2.0/24 broadcast

then it works like this when using the default IMPLICIT_CONTINUE=Yes.

- Traffic to/from eth0 first goes through the zone1 rules.
- If there is no match, it then goes through the zoneA rules.
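
The rule ordering described in the message above, as an added example that is not part of the original post and is not Shorewall's own code: a simplified model that reads constructed copies of the three files and reports which zones' rules a packet is checked against, sub-zone first. The function names load and rule_order are hypothetical, and the model assumes IMPLICIT_CONTINUE=Yes and at most one parent per zone.

```python
import ipaddress

# Constructed copies of the three files shown in the message.
ZONES = "zoneA\nzone1:zoneA\nzone2:zoneA\n"
INTERFACES = "zoneA eth0\nzoneA eth1\n"
HOSTS = ("zone1 eth0:192.168.1.0/24 broadcast\n"
         "zone2 eth1:192.168.2.0/24 broadcast\n")

def rows(text):
    """Split a config file into column lists, skipping blanks and comments."""
    return [l.split() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def load(zones=ZONES, interfaces=INTERFACES, hosts=HOSTS):
    """Return (parent map, membership list) for the nested zone layout."""
    parent = {}
    for cols in rows(zones):
        name, _, par = cols[0].partition(":")   # "zone1:zoneA" -> child, parent
        parent[name] = par or None
    members = []  # (zone, interface, network); network None = whole interface
    for zone, iface, *_ in rows(interfaces):
        members.append((zone, iface, None))
    for zone, host, *_ in rows(hosts):
        iface, _, net = host.partition(":")
        members.append((zone, iface, ipaddress.ip_network(net)))
    return parent, members

def depth(zone, parent):
    """Nesting depth: 0 for a top-level zone, 1 for its sub-zones, and so on."""
    d = 0
    while parent.get(zone):
        zone = parent[zone]
        d += 1
    return d

def rule_order(iface, addr, parent, members):
    """Zones whose rules apply to addr on iface, most deeply nested first."""
    ip = ipaddress.ip_address(addr)
    hit = {z for z, i, net in members
           if i == iface and (net is None or ip in net)}
    return sorted(hit, key=lambda z: (-depth(z, parent), z))

if __name__ == "__main__":
    parent, members = load()
    for iface, addr in [("eth0", "192.168.1.10"), ("eth1", "192.168.2.7"),
                        ("eth0", "192.168.2.7")]:
        print(iface, addr, "->", rule_order(iface, addr, parent, members))
```

The third sample shows the case worth checking in a real ruleset: an address from the zone2 subnet arriving on eth0 matches only zoneA, because each hosts entry is tied to its interface.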
