On 9/8/12 3:38 PM, Steve Thompson wrote:
> On Sat, 8 Sep 2012, Tom Eastep wrote:
>
>> On 9/8/12 2:06 PM, Steve Thompson wrote:
>>> I would have expected the "net1 net2 ACCEPT" and "net2 net1 ACCEPT"
>>> policies to allow this, since the KVM machine is logically attached to
>>> both networks. Since it doesn't work, I am missing something. I have tried
>>> using the bridge option in the interfaces file to no effect. I'd
>>> appreciate it if someone can give me a clue.
>>
>> Shorewall FAQ 17 and look for <interface>_rec
>
> Thanks for the pointer, but I don't think that it helps me (or I just
> don't understand how it helps me). I do use the maclist option on the
> firewall's interfaces, and I do have a maclist file that lists all
> relevant MAC addresses, but even if I remove the maclist option from all
> of the network interfaces altogether, it still doesn't change anything.
>
I don't believe that. If you remove the 'maclist' option altogether, then
there will be no br1_rec chain. So the log message that you posted
cannot possibly be issued.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
