On 12/12/11 6:56 AM, Ed W wrote:
> Hi, I have several internet connections and for convenience I thought it
> might be useful to group them by "type". So I tried to figure out the
> correct way to do something like:
>
> zones:
> fw firewall
> net ipv4
> loc ipv4
> eth:net ipv4
> wl:net ipv4
> ppp:net ipv4
>
> interfaces:
> eth eth0 detect optional
> eth eth1 detect optional
> wl wlan0 detect optional
> wl wlan1 detect optional
> ppp ppp0 detect optional
> ppp ppp1 detect optional
>
>
> However, I get a warning about "net" being empty and my rules aren't
> behaving the way I expect (everything seems blocked... I have
> IMPLICIT_CONTINUE=yes)
>
> While I debug this, can I just check that the above should work as
> desired, ie I can set rules from loc/fw to net and those rules will
> implicitly apply to all the subzones eth/wl/ppp? Basically in this case
> I just want to use "net" as a group name for all my subzones.
>
> (The use case is that I might want to apply policies on classes of
> interface, eg block voip traffic over the ppp interface, but allow over
> the wl/eth interfaces)

You must define the net zone as:

net + -

That must be the last line in the interfaces file. And you need the current
version of Shorewall.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
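
A pre-deployment check for the two conditions named in the reply above, as an added example that is not part of the original thread and not Shorewall's own code: every parent zone that has sub-zones needs its own interfaces entry, and a `+` wildcard entry must be the last line. The helper names `rows` and `lint` are hypothetical, the sample files are constructed from the listing in the question, and the check assumes zones are populated only through the interfaces file.

```python
# Sample files constructed from the listing quoted in the question.
ZONES = """\
fw      firewall
net     ipv4
loc     ipv4
eth:net ipv4
wl:net  ipv4
ppp:net ipv4
"""
INTERFACES_BEFORE = """\
eth eth0  detect optional
eth eth1  detect optional
wl  wlan0 detect optional
wl  wlan1 detect optional
ppp ppp0  detect optional
ppp ppp1  detect optional
"""
# The layout after applying the reply: wildcard entry for the parent, last.
INTERFACES_AFTER = INTERFACES_BEFORE + "net + -\n"


def rows(text):
    """Split a config file into columns, dropping comments and blank lines."""
    out = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            out.append(cols)
    return out


def lint(zones_text, interfaces_text):
    """Return findings for the two conditions stated in the reply."""
    findings = []
    parents = set()
    for cols in rows(zones_text):
        if ":" in cols[0]:  # child:parent[,parent...] declares a sub-zone
            parents.update(cols[0].split(":", 1)[1].split(","))
    ifaces = rows(interfaces_text)
    zones_with_iface = {cols[0] for cols in ifaces}
    for parent in sorted(parents - zones_with_iface):
        findings.append(f"parent zone '{parent}' has sub-zones but no interfaces entry")
    for i, cols in enumerate(ifaces):
        if len(cols) > 1 and cols[1] == "+" and i != len(ifaces) - 1:
            findings.append(f"wildcard entry for '{cols[0]}' is not the last line")
    return findings


if __name__ == "__main__":
    for name, text in (("before", INTERFACES_BEFORE), ("after", INTERFACES_AFTER)):
        print(name, lint(ZONES, text) or "ok")
```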
