On 11/16/18 1:31 PM, Boris wrote: > Am 14.11.18 um 19:01 schrieb Tom Eastep: >> >> You can assign a zone (call it 'hack') to eth0 then add these policies: >> >> hack all ACCEPT >> all hack REJECT <log level> >> > > Hej Tom, > > thank you VERY much for this! > I will try this the next days and give report. > I have thought a bit more about this, and I think that a better idea is to just add an entry in /etc/shorewall/interfaces that associates eth0 with the same zone as the ppp interface (probably 'net' or 'wan'). You don't have to worry about output traffic on eth0 because it has no IP address; hence, there can be no routes out of the interface and no IP traffic will be sent there.
-Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
