--- On Thu, 2/24/11, Tom Eastep <[email protected]> wrote:
> > So this should fail (DROP) but it doesn't:
> >
> > ping 192.168.144.90 (from 192.168.211.39)
>
> Looks like br0 is the 'net' zone and the implicit net->net policy is
> ACCEPT. If you don't want that, you need to add an explicit net->net
> policy in /etc/shorewall/policy.

I'm a bit confused because 192.168.211.39 is a host within the 'loc' zone and
192.168.144.90 is within the 'net' zone.

So I thought that

    ping 192.168.144.90 (from 192.168.211.39)

would obey rules/policies loc2net.

My /etc/shorewall/interfaces contains:

    net br0 detect routefilter,tcpflags,routeback,blacklist

What would be the implications of changing it to:

    loc br0 detect routefilter,tcpflags,routeback,blacklist

?

Thanks

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users