On 14/06/2016 11:05, Răzvan Sandu wrote:
>
> [...] I just want to be 100% sure that I define VLAN interfaces
> correctly in shorewall [...]
Sorry, Răzvan, if I'm repeating myself... but the key point, here, is:
--as for shorewall, there's _NO_ "VLAN interface" concept--
From shorewall's point of view, what you're referring to as a "VLAN
interface" is... a _NORMAL_ interface.
So this implies that, as for shorewall, there's _NO_NEED_ to specify
anything... as everything has been already described about "interfaces".
> that's why I kindly ask the shorewall developers for a piece of
> documentation addressing this
At best, IMHO, this could be addressed in the FAQ:
http://shorewall.net/FAQ.htm
probably adding a Q&A item like this:
----------------------------
Q: One of my physical interfaces is an 802.1q/VLAN trunk configured to
transport several VLANs. I need to bind each of these VLANs to a related
Shorewall ZONE. What are the key points that I need to be aware of?
A: From Shorewall's point of view, there's no VLAN concept. Once
VLAN interfaces are properly configured within the underlying OS, they
can be referenced within the "interface" file as with any other normal,
non-VLAN interfaces.
There are several issues that could arise under some particular
conditions (e.g.: bridging different VLAN interfaces; relying on the
'untagged'/'native' VLAN of a 'trunk' interface; filtering based on MAC
address; etc.) but, in general, the key point is that a properly
configured and running VLAN interface looks to shorewall exactly like a
"normal" interface.
----------------------------
Obviously, it's only a proposal.
HTH.
Bye,
DV
--
Damiano Verzulli
e-mail: [email protected]
---
possible?ok:while(!possible){open_mindedness++}
---
"Technical people tend to fall into two categories: Specialists
and Generalists. The Specialist learns more and more about a
narrower and narrower field, until he eventually, in the limit,
knows everything about nothing. The Generalist learns less and
less about a wider and wider field, until eventually he knows
nothing about everything." - William Stucke - AfrISPA
http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html
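
The point made in the message above, turned into a check (an added example, not part of the original message and not Shorewall's own tooling): it compares a Shorewall interfaces file with the kernel's `/proc/net/vlan/config` and flags a trunk parent that is itself bound to a zone, plus VLAN-style names the OS has not configured. The sample data, the zone names and the dotted-name heuristic are assumptions.

```python
# Constructed sample inputs (assumptions, not from the original message).
SAMPLE_VLAN_CONFIG = """\
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth1.10        | 10  | eth1
eth1.20        | 20  | eth1
"""

SAMPLE_INTERFACES = """\
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs
lan     eth1.10     tcpflags
dmz     eth1.20     tcpflags
mgmt    eth1        tcpflags
voip    eth1.30     tcpflags
"""

def parse_vlan_config(text):
    """Map VLAN device -> (vlan_id, parent) from /proc/net/vlan/config text."""
    vlans = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        # Data rows have three fields: device | numeric VLAN ID | parent.
        if len(parts) == 3 and parts[1].isdigit():
            vlans[parts[0]] = (int(parts[1]), parts[2])
    return vlans

def parse_shorewall_interfaces(text):
    """Return [(zone, interface)], skipping comments and ?directives."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        cols = line.split()
        if len(cols) >= 2 and not line.startswith("?"):
            entries.append((cols[0], cols[1]))
    return entries

def audit(vlan_text, iface_text):
    vlans = parse_vlan_config(vlan_text)
    trunks = {parent for _, parent in vlans.values()}
    findings = []
    for zone, iface in parse_shorewall_interfaces(iface_text):
        if iface in trunks:
            # The parent device only sees untagged (native VLAN) frames.
            findings.append((iface, zone, "trunk parent bound to a zone"))
        elif "." in iface and iface not in vlans:
            # Heuristic: dotted names are assumed to be VLAN sub-interfaces.
            findings.append((iface, zone, "VLAN-style name not configured in OS"))
    return findings
```

On a live host the first argument would be the contents of `/proc/net/vlan/config` (present once the 8021q module is loaded) and the second the contents of `/etc/shorewall/interfaces`.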