Tom Eastep wrote:
> David Rothenberger wrote:
>> I came across a problem today with an ACCEPT+ rule using shorewall-perl
>> 4.2.7.
>>
>> The rule is:
>>
>> ACCEPT+ loc:192.168.1.102 wifi tcp http,https
>>
>> This resulted in a rule in the loc_dnat chain with the destination set
>> to 0.0.0.0/0, which seems to ignore the "wifi" zone in the destination
>> of the rule.
>>
>> My "wifi" zone is defined as such in zones:
>>
>> wifi ipv4
>>
>> and my interfaces file has:
>>
>> wifi eth3 detect dhcp,maclist
>>
>> eth3 is up when shorewall is started. It has address
>> 192.168.3.101/255.255.255.0.
>>
>> Is this expected behavior?
>
> Yes.
>
> The NAT part of the rule generated by ACCEPT+ does not consider the
> destination zone.

Note that if you want to restrict the DNAT rule to packets addressed to
192.168.3.0/24, you can code the rule as:

ACCEPT+ loc:192.168.1.102 wifi:192.168.3.0/24 tcp http,https

--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
