A firewall with 67 network interfaces... wow, does such a beast even exist? Sorry, but I'm just so curious... I was always thinking that the max number of interfaces will be about 6 (2 built in, 4 PCI slots). Hope you can enlighten us about your machine... after you solve your problem, of course...

----- Original Message ----
> From: Marlon Dutra <[email protected]>
> To: [email protected]
> Sent: Tuesday, January 27, 2009 3:58:56 AM
> Subject: [Shorewall-users] Grouping zones
>
> Hello,
>
> I have a firewall with 67 network interfaces. I'm migrating it to
> Shorewall now. It's working well, but I have some doubts I'd like to
> discuss with you guys.
>
> I've created 67 zones, one for each interface, because I have most
> rules that need to be zone-based.
>
> My doubt is that I have some rules, maybe over a hundred, that need to
> be applied to let's say 32 zones. I could do that easily directly with
> iptables, because my network is segmented in a tree-mode.
>
> Example:
>
> zone1 - 192.168.0.0/24
> zone2 - 192.168.1.0/24
>
> In that case, zone1+zone2 would be 192.168.0.0/23... And so on...
>
> Is it possible to create a "grouping" zone aggregating zone1 plus
> zone2, for example, so that I can declare a rule only to the
> "grouping" zone, without repeating the rule for each zone?
>
> I've read the man page shorewall-nesting, but the examples I've seen
> are based on only one interface. I'm not sure if that would work
> across multiple interfaces.
>
> This network is quite critical, so I'm a bit afraid to be testing a
> lot of rules in it without making sure that's the right way to go.
>
> Thanks in advance.
>
> --
> MARLON DUTRA
> Propus
> GnuPG ID: 0x3E2060AC pgp.mit.edu
> http://www.propus.com.br/
> http://hackers.propus.com.br/~marlon/
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourceForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
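
The tree-style aggregation described in the question (zone1 + zone2 = 192.168.0.0/23) can be checked offline before any rule is written against a grouping CIDR. The following is an added example, not part of the original messages and not Shorewall code; `zone3`, `zone4` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: zone1/zone2 come from the question above,
# zone3/zone4 are hypothetical neighbours used to show the failure cases.
ZONES = {
    "zone1": "192.168.0.0/24",
    "zone2": "192.168.1.0/24",
    "zone3": "192.168.2.0/24",
    "zone4": "192.168.4.0/24",
}

def aggregate(zone_names, zones=ZONES):
    """Return the minimal CIDR blocks that cover exactly the named zones."""
    nets = [ipaddress.ip_network(zones[z]) for z in zone_names]
    return list(ipaddress.collapse_addresses(nets))

def check_group(supernet, zone_names, zones=ZONES):
    """Compare a proposed grouping CIDR with the zones it is meant to cover.

    Returns (uncovered, extra, unassigned):
      uncovered  - intended zones that are not inside the supernet
      extra      - other known zones the supernet would also match
      unassigned - blocks inside the supernet owned by no intended zone
    """
    sup = ipaddress.ip_network(supernet)
    wanted = sorted(set(zone_names))
    uncovered = [z for z in wanted
                 if not ipaddress.ip_network(zones[z]).subnet_of(sup)]
    extra = sorted(z for z, cidr in zones.items()
                   if z not in wanted and ipaddress.ip_network(cidr).overlaps(sup))
    remaining = [sup]
    for z in wanted:
        net = ipaddress.ip_network(zones[z])
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the zone out of this block (yields nothing if equal).
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)
        remaining = kept
    return uncovered, extra, sorted(remaining)

if __name__ == "__main__":
    print(aggregate(["zone1", "zone2"]))
    print(check_group("192.168.0.0/22", ["zone1", "zone2", "zone3"]))
```

A grouping is safe to use in place of per-zone rules only when all three returned lists are empty; a non-empty `extra` or `unassigned` means the aggregate rule would match addresses the per-zone rules did not.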
