On 2/24/11 9:08 AM, Vieri Di Paola wrote:
> Hi,
>
> This is probably a dumb question but I'm successfully pinging from host1 to
> host2 via a shorewall bridge when I would be expecting NOT to.
> So this should fail (DROP) but it doesn't:
>
> ping 192.168.144.90 (from 192.168.211.39)
>
> Could you please have a look at the Shorewall dump?
> http://213.96.91.201/temp/dump.gz
>
> What dumb mistake have I made?
> Why can 192.168.211.39 ping 192.168.144.90?
>
> (I know the packets are going through the shorewall bridge if I run tcpdump
> on it)
>
Looks like br0 is the 'net' zone and the implicit net->net policy is ACCEPT. If you don't want that, you need to add an explicit net->net policy in /etc/shorewall/policy.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
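What the fix Tom describes looks like in practice, as an added example that is not part of the original thread and not taken from the poster's dump: a /etc/shorewall/policy fragment for a bridge firewall whose only zone is 'net' on br0. The zone name and interface are the ones named above; the log level and the surrounding entries are assumptions for illustration. Shorewall accepts intra-zone traffic (net->net here) by default, and a generic 'all' entry in SOURCE/DEST does not cover intra-zone traffic, so the zone pair must be named explicitly. Policies are matched first-match, so the explicit entry goes before any broader one.

```text
# /etc/shorewall/policy  (added example, not from the thread)
#SOURCE   DEST   POLICY   LOG_LEVEL
#
# Weak (the situation in the thread): no net->net entry, so the implicit
# intra-zone ACCEPT applies and 192.168.211.39 can ping 192.168.144.90.
# The 'all all' line below does not catch it, because 'all' excludes
# intra-zone traffic.
#
# Corrected: name the zone pair explicitly, ahead of the catch-all entries.
net       net    DROP     info
net       all    DROP     info
all       all    REJECT   info
```

After the edit, run `shorewall check` and then `shorewall restart` (or `shorewall refresh`) and confirm with a logged DROP on the new policy while pinging. This only has an effect if bridged frames are reaching iptables at all (net.bridge.bridge-nf-call-iptables=1, which Shorewall's bridge support depends on); the poster's tcpdump observation shows frames crossing the bridge but not by itself that they traverse the filter table, and the dump would settle that.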
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
