>> If I "register" this interface in the interfaces file, but place a dash
>> (-) and "ignore" in the options column would that work?
>>
>
> It would make your tcrules compile cleanly.

So "- tun0 ignore" it is then (btw the "ignore" option isn't documented anywhere in shorewall-interfaces).

One other issue I have been thinking about lately - in some circumstances shorewall requires the interface to be "present" (or even up) - why is this and what happens if the interface suddenly "disappears" (like if I am to completely close the tun0 device)? If I want to "cheat" (as I often do!) I could artificially "open" tun0, start shorewall and then close that device. What would happen then (if anything)?

> But you must have extremely
> liberal policies if traffic in and out of such an interface is accepted
> by the filtering part of Netfilter.
>

tun0 on one of my machines will only serve traffic internally coming from one of my subnets, so I am not overly worried about "intrusions".
