On 23.01.2015 17:44, Tom Eastep wrote: > On 1/23/2015 5:59 AM, Gerhard Wiesinger wrote: >> Hello, >> >> Is it possible to specify multiple zones or define virtual zones to get >> better readibility? >> >> e.g. following config (all can not be used because there exist more than >> the 3 zones): >> SSH(ACCEPT) loc $FW >> SSH(ACCEPT) loc dmz >> SSH(ACCEPT) loc net >> >> # Should be written as: >> SSH(ACCEPT) loc $FW,dmz,net > That is possible already.
Great, didn't find anything in the documation. A note would be great. >> # Or virtual zone: >> fw-dmz-net: $FW,dmz,net >> SSH(ACCEPT) loc fw-dmz-net > So is that: > > /etc/shorewall/params: > > FW_DMZ_NET=$FW,dmz,net > > /etc/shorewall/rules: > > SSH(ACCEPT) loc $FW_DMZ_NET Yes, clear when above notation works. >> # or subtract it (% means subtract, just for illustration): >> SSH(ACCEPT) loc all%dmz2%dmz3 >> >> # so can look like for generating the whole n x m product: >> SSH(ACCEPT) loc,dmz4 all%dmz2%dmz3 >> >> Any plan to implement such a feature if it is not possible? > I can consider something along those lines for 4.6.7. Great. Ciao, Gerhard ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
