I have configured a Fedora 15 installation to operate as a two interface bridge.

I have followed the instructions from http://www.shorewall.net/3.0/NewBridge.html and configured shorewall, but can't seem to restrict traffic from a PC within the net zone. The local zone and net zone PCs share the same IP subnet, 192.168.7.x, but when the firewall is started I can still ping from the PC (192.168.7.116) on the net zone to any PC on the local zone. The IP addresses seem correctly assigned to the correct zones. If I try to ping from the bridge to the PC on the net zone I receive fw2net messages in the log, and fw2loc when pinging a PC on the local zone. It appears I am missing something; any pointers would be appreciated.

See below for my config:

Hosts:

    #ZONE   HOST(S)                             OPTIONS
    loc     br0:192.168.7.0/24!192.168.7.116

Rules:

    #SOURCE DEST    POLICY  LOG     LIMIT:  CONNLIMIT:
    #                       LEVEL   BURST   MASK
    loc     net     ACCEPT
    net     all     DROP    info
    All     all     REJECT  info

Interfaces:

    #ZONE   INTERFACE   BROADCAST       OPTIONS
    net     br0         192.168.7.255

Zones:

    #ZONE   TYPE        OPTIONS     IN          OUT
    #                               OPTIONS     OPTIONS
    fw      firewall
    net     ipv4
    loc:net ipv4

Thanks in advance

David

Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
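As an added illustration (not part of David's post and not Shorewall's own code), the following Python script models the zone tables from the post and reports which policy row should govern a given source/destination pair crossing br0. It assumes that a hosts entry for the nested zone loc:net is matched before the interface-wide net zone, and it treats the "All" in the last policy row as the wildcard "all".

```python
import ipaddress

# Zone tables transcribed from the post's Shorewall files (constructed model).
HOSTS = [  # /etc/shorewall/hosts: (zone, interface, network, excluded hosts)
    ("loc", "br0", "192.168.7.0/24", ["192.168.7.116"]),
]
INTERFACES = [("net", "br0")]  # /etc/shorewall/interfaces: (zone, interface)
POLICY = [  # /etc/shorewall/policy rows in file order: (source, dest, action)
    ("loc", "net", "ACCEPT"),
    ("net", "all", "DROP"),
    ("all", "all", "REJECT"),  # the post writes "All"; treated as the wildcard
]


def zone_of(ip, iface="br0"):
    """Resolve an address seen on iface to a zone. Hosts entries (honouring
    their '!' exclusions) are tried first, because the nested zone loc:net
    must be matched ahead of its parent zone net (model assumption)."""
    addr = ipaddress.ip_address(ip)
    for zone, zif, net, excluded in HOSTS:
        if zif != iface or addr not in ipaddress.ip_network(net):
            continue
        if any(addr == ipaddress.ip_address(x) for x in excluded):
            continue
        return zone
    for zone, zif in INTERFACES:
        if zif == iface:
            return zone
    return None


def policy_for(src_zone, dst_zone):
    """First policy row whose source and dest match (exact zone or 'all')."""
    for src, dst, action in POLICY:
        if src in (src_zone, "all") and dst in (dst_zone, "all"):
            return action
    return None


def expected_verdict(src_ip, dst_ip):
    """(source zone, dest zone, action) the post's tables imply for a flow."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    return src, dst, policy_for(src, dst)


if __name__ == "__main__":
    for pair in (("192.168.7.116", "192.168.7.10"), ("192.168.7.10", "192.168.7.116")):
        print(pair, "->", expected_verdict(*pair))
```

For 192.168.7.116 pinging a loc host the model returns DROP, which is the behaviour the post expected but did not observe; a mismatch between this result and the live firewall points at zone assignment on the bridge rather than at the policy rows themselves.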
I have followed the instructions from http://www.shorewall.net/3.0/NewBridge.html and configured shorewall, but cant seem to restrict traffic from a pc within the net zone. The local zone and net zone pc's share the same ip subnet, 192.168.7.x but when the firewall is started I can still ping from the pc (192.168.7.116) on the net zone to any pc on the local zone. The ip addresses seem correctly assigned to the correct zones. If I try to ping from the bridge to the pc on the net zone I receive fw2net messages in the log, and fw2loc when pinging a pc on the local zone. It appears I am missing something, any pointers would be appreciated. See below for my config: Hosts: #ZONE HOST(S) OPTIONS loc br0:192.168.7.0/24!192.168.7.116 Rules: #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK loc net ACCEPT net all DROP info All all REJECT info Interfaces: #ZONE INTERFACE BROADCAST OPTIONS net br0 192.168.7.255 Zones #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall net ipv4 loc:net ipv4 Thanks in advance David ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users