Now that I have finally managed to activate the dynamic zones, I would like to be able to use them to allow ssh access to my FW on the fly. I only have one interface: eth0

zones:
    fw          firewall
    net         ipv4
    sshok:net   ipv4        dynamic_shared

hosts:
    sshok       eth0:dynamic

policy:
    net         all         DROP        info
    all         all         REJECT      info

rules:
    SSH(ACCEPT) net:+sshok  fw

But my access is REJECTed:

Oct 8 01:17:20 myfw kernel: [2589.152380] sshok-fw REJECT IN=eth0 OUT= MAC=fa:16:3e:77:ac:2a:2a:9c:dc:33:c6:4b:08:00 SRC=ssh_client_IP DST=fw_ip LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=5951 DF PROTO=TCP SPT=29346 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

What is my mistake please?

--
Christophe