On Wed, Mar 25, 2020 at 07:13:50PM -0500, Kevin Parent wrote:
> > > I think you need interfaces option "routeback".
> >
> > In the man file for shorewall zones it states:
> >
> > For $FW and for all of the zones defined in /etc/shorewall/zones,
> > the POLICY for connections from the zone to itself is ACCEPT (with
> > no logging or TCP connection rate limiting) but may be overridden
> > by an entry in this file. The overriding entry must be explicit
> > (specifying the zone name in both SOURCE and DEST) or it must use
> > "all+" (Shorewall 4.5.17 or later).
>
> As you suggested, the "routeback" option in /etc/shorewall/interfaces did
> the trick.
I guess the doc is referring to hosts on a zone that spans interfaces.

An interface can only belong to one zone, but a zone could have multiple
interfaces, like:

lan        ip
dept1:lan  ip
dept2:lan  ip

dept1      eth0
dept1      eth1

I guess the "zones" doc should mention that.

--
Justin

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
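The three files the thread touches, laid out as one added example (this is not configuration from the thread or from the Shorewall project; the zone names, interface names and department layout are hypothetical). It shows the two different situations the replies are talking about: a zone that spans two interfaces (dept1), where traffic between its hosts is ordinary forwarding and needs nothing special, and a zone whose hosts all sit behind one interface (dept2), where traffic between them enters and leaves the firewall on the same interface and is only allowed when that interface carries the "routeback" option. The policy file then overrides the implicit, unlogged zone-to-itself ACCEPT that the quoted man page describes, using the explicit SOURCE/DEST form and the "all+" form that the same man page text says is available from Shorewall 4.5.17 on.

```text
# /etc/shorewall/zones
# "child:parent" is Shorewall's nested-zone syntax; dept1 and dept2 are
# sub-zones of lan. Zone and interface names below are assumptions.
#ZONE        TYPE
fw           firewall
net          ipv4
lan          ipv4
dept1:lan    ipv4
dept2:lan    ipv4

# /etc/shorewall/interfaces
# An interface belongs to exactly one zone, but a zone may own several
# interfaces (dept1 owns eth1 and eth2). "routeback" is an interface
# option, not a zone option: it allows traffic that arrived on eth3 to be
# routed back out of eth3, which is what dept2-to-dept2 traffic through
# the firewall needs. dept1-to-dept1 traffic between eth1 and eth2 is
# plain forwarding and does not need it.
#ZONE        INTERFACE    OPTIONS
net          eth0         dhcp
dept1        eth1
dept1        eth2
dept2        eth3         routeback

# /etc/shorewall/policy
# Without an entry here, each zone's traffic to itself is ACCEPTed with
# no logging. The first line overrides that for dept2 explicitly (zone
# name in both SOURCE and DEST) so hairpinned dept2 traffic is logged.
# The last line uses "all+" (Shorewall 4.5.17 or later, per the man page
# text quoted in the thread) so that the catch-all REJECT also applies to
# intra-zone traffic in every zone not covered by an earlier line.
#SOURCE      DEST         POLICY       LOGLEVEL
dept2        dept2        ACCEPT       info
fw           all          ACCEPT
net          all          DROP         info
all+         all          REJECT       info
```

Two things to check after changing these files: "routeback" must be set on every interface whose hosts are expected to talk to each other through the firewall (it is not inherited from the zone), and an "all+" catch-all will reject intra-zone traffic for every zone that has no explicit zone-to-itself entry above it, which is a tightening of the default and should be deliberate.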