Christ Schlacta wrote:
> On another note: Tom, you might consider adding a recommendation to
> the howtos and guides that even on a multiple interface router, that it
> be configured to use bridges. I've found that swapping interfaces,
> enabling or disabling vlans, and other simple updates are greatly
> simplified by using bridges.

How so ? Bridges introduce a new layer of complication, and importantly, prevent some configurations - specifically you CANNOT filter outbound traffic originating on the firewall machine and exiting via a bridge interface. Most of my systems have a default policy of FW->ALL REJECT and stopping outbound traffic filtering would be a significant backwards step.

You should take a look at udev persistent rules - specifically /dev/udev/rules.d/xx-persistent-net-rules IIRC on Debian derived systems. This allows you to name interfaces and greatly improves things - for example you can name your outside and inside devices ethext and ethint which makes keeping track of what's what a lot easier. I guess this won't help for VLANs though.

The biggest help is that should you have to change a NIC, or migrate the system to different hardware, you can just change the MAC addresses in the persistent rules and carry on with the same config - none of this "oh bother*, eth0 is now eth3" stuff !

* Insert own choice of expletive here :)

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
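
The NIC swap described in the reply above, as an added example that is not part of the original message: a shell function that rebinds a named interface to a new MAC address in a udev persistent-net rules file. The function names, the sample MAC addresses and the rule-line layout (the style udev generated on Debian-derived systems) are assumptions; the rules file path is passed as an argument.

```shell
#!/bin/sh
# Added example: rebind a named interface (e.g. ethext) to a new MAC in a
# udev persistent-net rules file, so the firewall config keeps its names.

# Constructed sample rules (MAC addresses are made up for illustration).
sample_rules() {
cat <<'EOF'
# PCI device (constructed sample)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:55", ATTR{type}=="1", KERNEL=="eth*", NAME="ethext"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:66", ATTR{type}=="1", KERNEL=="eth*", NAME="ethint"
EOF
}

# set_nic_mac FILE NAME NEWMAC  (hypothetical helper)
# Returns 0 on success, 2 on bad input, 3 if NAME does not have exactly one
# rule, 4 if NEWMAC is already bound to a different name.
set_nic_mac() {
    file=$1
    name=$2
    mac=$(printf '%s' "$3" | tr 'A-F' 'a-f')   # udev matches lower-case MACs

    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "bad MAC: $3" >&2; return 2; }
    printf '%s\n' "$name" | grep -Eq '^[A-Za-z0-9_-]+$' \
        || { echo "bad interface name: $name" >&2; return 2; }

    # A missing or duplicated name would leave the firewall's zones ambiguous.
    count=$(grep -cF "NAME=\"$name\"" "$file" || true)
    [ "$count" -eq 1 ] \
        || { echo "$name: expected 1 rule, found $count" >&2; return 3; }

    # Two names bound to one MAC could swap the inside and outside interfaces.
    if grep -vF "NAME=\"$name\"" "$file" | grep -qiF "ATTR{address}==\"$mac\""; then
        echo "$mac already bound to another interface" >&2
        return 4
    fi

    tmp=$(mktemp) || return 1
    sed "/NAME=\"$name\"/ s/ATTR{address}==\"[^\"]*\"/ATTR{address}==\"$mac\"/" \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a throwaway copy of the constructed sample.
demo=$(mktemp) && sample_rules > "$demo"
set_nic_mac "$demo" ethext 00:11:22:33:44:77 && cat "$demo"
rm -f "$demo"
```

The new name-to-MAC binding takes effect when udev next processes the device, typically at the next boot.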
