You're the best Tom! Been swamped with client emergencies, but I think this has brought things into enough focus to get me across the finish line.

On 11/2/2011 10:19 AM, Tom Eastep wrote:
> On Tue, 2011-11-01 at 20:27 -0700, Tom Eastep wrote:
>>
>> If you create a rational IP configuration, Shorewall can handle it.
>>
>> In short -- this isn't a Shorewall question.
>
> That having been said, there are a couple of things to keep in mind when
> considering using bridges with Shorewall.
>
> - You can define zones by bridge port.
> - You can filter traffic originating from those 'bridge-port' zones.
> - You cannot filter traffic from non-bridge-port zones to individual
>   'bridge-port' zones. This restriction is imposed by Netfilter, not
>   Shorewall.
>
> Example 1 (routed firewall):
>                           _________
>                          |         |--vzone1
> net<--eth0->firewall<--->| bridge  |--vzone2
>                          |_________|--vzone3
>
> You can write rules for vzoneN->net
> You can write rules for vzoneN->vzoneM
> You can write rules for vzoneN->firewall
> You can write rules for firewall->vzone* only
> You can write rules for net->vzone* only
>
> Example 2 (bridged firewall)
>               _________
>              |         |--vzone1
> net<--eth0-->| bridge  |--vzone2
>              |_________|--vzone3
>
> You can write rules for all zone pairs except for fw->vzoneN; you can
> only write rules for fw->vzone*.
>
> Hope this helps,
> -Tom
>
>
> ------------------------------------------------------------------------------
> RSA® Conference 2012
> Save $700 by Nov 18
> Register now!
> http://p.sf.net/sfu/rsa-sfdev2dev1
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
Brian W. Neu
Principal
Advanced Open Systems, Inc.
Technology Applied for Business
aosystems1 (skype)
678.310.7890 (w)
404.452.0043 (c)
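The restriction described in the quoted message can be checked mechanically before a policy is deployed. The following is an added example, not part of the original thread and not Shorewall code: a small linter that flags policy lines whose source is a non-bridge-port zone and whose destination is an individual bridge-port zone. The zone names, the parent zone `vz`, and both sample files are constructed for illustration and modelled on Example 1.

```python
# Added example (not Shorewall's own code): lint SOURCE/DEST policy lines
# against the Netfilter restriction on bridge-port destinations.

# Constructed sample in zones-file style; 'vz' is an assumed parent zone name.
ZONES = """\
fw         firewall
net        ipv4
vz         ipv4
vzone1:vz  bport
vzone2:vz  bport
vzone3:vz  bport
"""

# Constructed sample policy lines: SOURCE DEST POLICY
POLICY = """\
vzone1  net     ACCEPT
vzone1  vzone2  REJECT
vzone2  fw      ACCEPT
fw      vz      ACCEPT
net     vz      DROP
net     vzone1  ACCEPT
fw      vzone3  ACCEPT
"""

def parse_zones(text):
    """Map each zone to its parent zone if it is a bridge-port zone, else None."""
    zones = {}
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) < 2:
            continue
        zone, _, parent = fields[0].partition(":")
        zones[zone] = parent if fields[1].startswith("bport") else None
    return zones

def lint_policy(zones_text, policy_text):
    """Return (line_no, source, dest, parent) for each unenforceable pair."""
    zones = parse_zones(zones_text)
    findings = []
    for n, line in enumerate(policy_text.splitlines(), 1):
        fields = line.split("#")[0].split()
        if len(fields) < 3:
            continue
        src, dst = fields[0], fields[1]
        parent = zones.get(dst)           # set only when dest is a bport zone
        if parent and not zones.get(src):  # source is not a bport zone
            findings.append((n, src, dst, parent))
    return findings

if __name__ == "__main__":
    for n, src, dst, parent in lint_policy(ZONES, POLICY):
        print(f"line {n}: {src}->{dst} cannot be filtered; use {src}->{parent}")
```

Each finding names the parent zone to use instead, which corresponds to the "vzone* only" cases in the message.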
