On 23/02/18 10:01, Tom Eastep wrote:
> On 02/22/2018 05:39 PM, Spyros Stathopoulos wrote:
>> As there is no access control
>> from the device itself I can only limit the connection from shorewall.
> The value in defining multiple zones within a LAN is to define different
> rules/policies to/from the LAN. Because intra-LAN traffic within a
> subnet does not pass through the Shorewall system, rules and policies on
> that system are ineffective in controlling intra-LAN traffic. If
> different disjoint subnets are defined, traffic between the subnets does
> go through the Shorewall system, but such a setup is easily bypassed by
> LAN users who have administrative privileges on their systems. The best
> way to accomplish what you want is via firewall rules on itself.

What about putting the device on a separate interface and using
Shorewall's bridge firewall feature?

James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877
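As a concrete illustration of the bridge/firewall layout suggested above (this is an added example, not configuration posted by anyone in the thread; the interface names br0/eth1/eth2, the zone names lan/dev/net and the 192.168.1.0/24 addresses are assumptions): the device gets a bridge port of its own, so every frame to or from it has to cross the bridge, where Shorewall matches it with physdev. A LAN user cannot sidestep that by re-addressing their own NIC, which is the bypass Tom describes for the routed two-subnet layout.

```text
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
lan     ipv4
dev     ipv4          # the single unmanaged device

# /etc/shorewall/interfaces  (Shorewall 4.x, format 2)
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        dhcp,tcpflags,nosmurfs,routefilter
-       br0         bridge          # zones are assigned per bridge port in hosts

# /etc/shorewall/hosts
#ZONE   HOSTS           OPTIONS
lan     br0:eth1        # the rest of the LAN (switch uplink)
dev     br0:eth2        # the device, alone on this port

# /etc/shorewall/policy
#SOURCE DEST    POLICY  LOGLEVEL
lan     dev     DROP    info        # default: LAN may not reach the device
dev     lan     DROP    info        # and the device may not initiate to the LAN
dev     net     DROP    info
lan     net     ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
#ACTION SOURCE                  DEST    PROTO   DPORT
ACCEPT  lan:192.168.1.10        dev     tcp     22,443   # only the admin workstation
```

Two things to check before relying on it: the kernel must have bridge netfilter enabled (the br_netfilter module, with net.bridge.bridge-nf-call-iptables=1) and physdev match support, otherwise bridged frames never reach the tables Shorewall populates and the policies above silently do nothing; and run `shorewall check` before `shorewall restart` so a typo in hosts does not leave the device reachable from everywhere. Also note that the lan/dev zones here are defined by bridge port, not by IP address, so the 192.168.1.10 exception in rules is only as strong as that host's address: if that matters, pin it with a MAC in the SOURCE column or tie it to its own port as well.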

Shorewall-users mailing list
