Shorewall Guy wrote: > Shorewall Guy wrote: >> Marlon Dutra wrote: >> >>> I've read the man page shorewall-nesting, but the examples I've seen >>> are based on only one interface. I'm not sure if that would work >>> across multiple interfaces. >> It doesn't. > > Actually, it can be made to work. > > If you do this: > > /etc/shorewall/zones: > > zoneA > zone1:zoneA > zone2:zoneA > > /etc/shorewall/interfaces: > > zoneA eth0 > zoneA eth1 > > /etc/shorewall/hosts: > > zone1 eth0:192.168.1.0/24 broadcast > zone2 eth1:192.168.2.0/24 broadcast > > then it works like this when using the default IMPLICIT_CONTINUE=Yes.
I posted the above without trying it -- while it compiles fine, the Shorewall-perl compiler is not creating the correct ruleset. I'll need some time to sort out why that is happening. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
