ISTR ‘all’ doesn’t include the firewall unless you explicitly state it (or use ‘all+’ but I’m less sure of this). So doesn’t there need to be a policy of ‘dock’ to $FW ACCEPT?
-- Roger Hayter > On 21 Mar 2025, at 13:08, Vieri Di Paola <vieridipa...@gmail.com> wrote: > > > > On Fri, Mar 21, 2025, 13:16 Winston Sorfleet <w...@romanus.ca> wrote: > Well, it would seem to me that's the problem - your VM is in the Docker > zone, and the host you want to access is in the Fw zone. > > But OP has 'all all ACCEPT' as policy. > Try setting to 'all all ACCEPT INFO' and confirm in logs that you see the > traffic you need. > If outgoing ok but no reply, you might want to check routing tables. > Are the replies routed back as expected to the right interface? > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
