>> firewall.) Many of our hosts have two eth devices. For background >> here's existing config: >> >> /etc/shorewall/interfaces: >> - eth+ detect >> >> /etc/shorewall/hosts: >> net eth+:0.0.0.0/0 >> uw eth+:$N_ALL_UW_AFFILIATED > > So uw is a subzone of net; have you defined it that way > in /etc/shorewall/zones?
Hi Tom, No, have not defined as subzone. Why? Probably because it produced the right thing way back when I set it up. $ cat zones #ZONE TYPE OPTIONS IN OUT host firewall uw ipv4 net ipv4 $ cat policy host all ACCEPT uw net NONE net uw NONE uw host REJECT info net host DROP -Eric ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
