Thank you very much for the explanations. I too find it more elegant and simpler, but I wanted to understand the nuance. I can assure you that I have read and reread the docs many times, but I admit that everything is not clear to me. I am neither a specialist nor an English speaker, and that doesn't help.

On Sunday, 08 October 2023 at 16:43 +0100, Rodrigo Araujo wrote:
> That part of the docs is specific to ipsets, and the way you did ends
> up working because a dynamic zone is implemented using an ipset. But
> that was sort of hackish (in my personal opinion, others can
> disagree). Your rule says "allow ssh from the net zone, but only if
> from addresses contained in that ipset, to the firewall".
>
> The way I suggested is more general, since a dynamic zone is just a
> zone. So what I suggested just says "allow ssh from the sshok zone to
> the firewall". I think it's more elegant this way too.
>
> If you intend to work with more zones and a more complex setup in the
> future, I would suggest reading the part of the docs that talks about
> the concept of zones. Once one understands that, it makes sense.

--
Christophe

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users