On 1/23/2015 5:59 AM, Gerhard Wiesinger wrote: > Hello, > > Is it possible to specify multiple zones or define virtual zones to get > better readibility? > > e.g. following config (all can not be used because there exist more than > the 3 zones): > SSH(ACCEPT) loc $FW > SSH(ACCEPT) loc dmz > SSH(ACCEPT) loc net > > # Should be written as: > SSH(ACCEPT) loc $FW,dmz,net
That is possible already. > > # Or virtual zone: > fw-dmz-net: $FW,dmz,net > SSH(ACCEPT) loc fw-dmz-net So is that: /etc/shorewall/params: FW_DMZ_NET=$FW,dmz,net /etc/shorewall/rules: SSH(ACCEPT) loc $FW_DMZ_NET > > # or subtract it (% means subtract, just for illustration): > SSH(ACCEPT) loc all%dmz2%dmz3 > > # so can look like for generating the whole n x m product: > SSH(ACCEPT) loc,dmz4 all%dmz2%dmz3 > > Any plan to implement such a feature if it is not possible? I can consider something along those lines for 4.6.7. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
