On 3/25/11 3:33 AM, Vieri Di Paola wrote:
> I have a bridge setup with lan and wan bp-zones.
>
> I'm pinging successfully from a host in the lan bp-zone with IP addr
> 10.215.146.70 to a host in the wan bp-zone with IP addr 10.215.146.89 and
> this is reflected in the Conntrack Table (see dump).
>
> According to the documentation I should be able to set policies and rules
> between 2 bp-zones (eg. lan -> wan; wan -> lan).
> I must have set them wrong because I'm expecting to REJECT all traffic
> between lan and wan.
> However, pings between hosts in wan and lan are working both ways...
>
> Please take a look at my shorewall dump at:
> http://213.96.91.201/temp/dump.gz
>
> Why are pings wan2lan and lan2wan working?
Because your configuration is allowing all br0->br0 traffic.

> How can I block them?

Configure your firewall correctly. If you will send me a tarball of /etc/shorewall, I'll take a look.

-Tom

--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
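As an added illustration of the kind of configuration the thread is about (not Vieri's actual files, and not code from the Shorewall project): Shorewall 4.4-era bridge-port zone definitions in which the two bridge ports of `br0` are bport zones `lan` and `wan`, nested in an assumed parent `ipv4` zone named `world`, with the lan<->wan policy set to REJECT so that pings across the bridge are dropped and logged. The port assignments (`eth1` for lan, `eth0` for wan) and the zone name `world` are assumptions for the example; bport zones must be declared as sub-zones of the zone that holds the bridge device itself, and the kernel needs bridge netfilter (physdev match) for any of this to see bridged frames.

```text
# /etc/shorewall/zones  (assumed zone names; bport zones are sub-zones of 'world')
#ZONE        TYPE       OPTIONS
fw           firewall
world        ipv4
lan:world    bport
wan:world    bport

# /etc/shorewall/interfaces  (assumed port-to-zone mapping)
#ZONE        INTERFACE  BROADCAST  OPTIONS
world        br0        -          bridge
lan          br0:eth1   -
wan          br0:eth0   -

# /etc/shorewall/policy
# The first entry that matches a zone pair wins, so the bport pairs are
# listed before any catch-all entry.
#SOURCE      DEST       POLICY     LOG LEVEL
lan          wan        REJECT     info
wan          lan        REJECT     info
$FW          all        ACCEPT
all          all        REJECT     info
```

The ordering is the point to check: because policy entries are matched top to bottom per zone pair, a broad `all all ACCEPT` (or any ACCEPT entry that covers both bport zones) placed above the `lan wan` and `wan lan` lines would apply to bridged traffic first and let the pings through. Run `shorewall check` after editing to validate the files, and confirm from the `REJECT ... info` log entries (and from `shorewall dump`, as in the thread) that the cross-bridge pings are now being refused rather than matched by a permissive policy.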
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
