Mariano Absatz wrote:
> Tom Eastep wrote on 02/04/09 14:17:
>> Tom Eastep wrote:
>>
>>> Please read http://www.shorewall.net/bridge-Shorewall-perl.html
>>>
> Thanx... I skimmed over it and I started 2 understand... anyway it does
> not refer to my case since I'm not firewalling the bridge using 2
> interfaces in my host...
>>
>> If you just want to allow all traffic between the VMs:
>>
>> a) Delete all of those silly rules.
>> b) Remove the 'bridge' option from vnet0 in /etc/shorewall/interfaces
>> c) Add the 'routeback' option to vnet0 in /etc/shorewall/interfaces
>>
>> If you only want to allow DNS and SSH:
>>
>> a) Add a vms->vms REJECT policy to /etc/shorewall/interfaces.
>> b) Remove the 'bridge' option from vnet0 in /etc/shorewall/interfaces
>> c) Add the 'routeback' option to vnet0 in /etc/shorewall/interfaces
>>
> Now, this is (I think) precisely what I needed...
>
> In this case I _do_ need the silly rules, don't I?

Yes.

>
> I already had the REJECT policy, but I have it in 'policies' rather than
> 'interfaces'... is there a difference?

That was a typo -- I meant /etc/shorewall/policy.

-Tom
-- 
Tom Eastep    \ When I die, I want to go like my Grandfather who
Shoreline,     \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
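
The "only DNS and SSH" variant from the message above, written out as the three Shorewall files it touches. This is an added example, not configuration posted in the thread: the zone name vms and the interface vnet0 come from the message, while the '-' in the BROADCAST column and the individual rule lines are assumptions, since the poster's own rules are not shown.

```conf
# /etc/shorewall/interfaces
# 'bridge' is removed from vnet0 and 'routeback' is added, so that traffic
# arriving on vnet0 from one VM may be sent back out vnet0 to another VM.
#ZONE   INTERFACE   BROADCAST   OPTIONS
vms     vnet0       -           routeback

# /etc/shorewall/policy
# Explicit intra-zone policy: anything between VMs that no rule accepts
# is rejected. Keep this line above any catch-all 'all all' policy.
#SOURCE DEST    POLICY
vms     vms     REJECT

# /etc/shorewall/rules
# Exceptions to the REJECT policy (assumed rule set: DNS and SSH only).
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  vms     vms     udp     53
ACCEPT  vms     vms     tcp     53
ACCEPT  vms     vms     tcp     22
```

For the "allow all traffic between the VMs" variant, the same interfaces line applies and the vms-to-vms policy and rules lines are dropped; `shorewall check` validates the result before it is applied.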
