On 2012-10-06 15:58, Tom Eastep wrote:
> On 10/05/2012 09:51 PM, Gémes Géza wrote:
>> Hi,
>>
>> As mentioned in a previous thread I have a working multiISP setup and
>> thus multiple net zone facing interfaces.
>> With the help of Tom I'm able to specify dynamic zones on the interface
>> associated to the loc zone (For better readability of the rules I've
>> renamed the interfaces from lan-if to lan_if and so on).
>> My question is: if my net zone has multiple interfaces associated with
>> it (multiISP setup) can I use the same dynamic zone name for all the
>> interfaces in the net zone, or shall I define a dynamic zone for each
>> interface?
>>
> Hi Geza,
>
> The 'dynamic' property is currently associated with a (zone,interface)
> pair. So if you have a multi-ISP configuration and want a dynamic
> sub-zone of the external zone, you will have one ipset for each
> interface. I have been thinking about that issue recently and plan to do
> something about it in the 4.5.9 release.
>
> Relative to your earlier issue with ipset names, this is from the
> 4.5.8.1 release notes:
>
> 2)  When generating ipset names for dynamic zones, the compiler was
>       dropping dashes ('-') from the interface name and adding a
>       unique suffix. For example the ipset for zone 'foo' and interface
>       'bar-if' might be 'foo_barif_1'. Dashes are now retained so that
>       the generated set name in this example will be 'foo_bar-if'. This
>       change also allows the 'add' and 'delete' commands to work
>       correctly when the interface name contains one or more dashes.
>
>       Although dash is documented as being an accepted character in ipset
>       names, names containing a dash would generate an error in some
>       contexts. That has also been corrected.
>
> Regards,
> -Tom
Thank you Tom both for clarifying it and also for fixing the dash problem.

Cheers

Geza

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
