Darren Reed wrote: > Tony, > > Is enabling filtering of loopback filtering, for controlling access > between zones that are using the shared IP instance model, in > scope or out of scope for your project? >
Darren, It's out of scope, at least for the current phase. In simplifying the user model, we chose to set up policy for the entire system or specific IP interface; user do not need to specify a local IP address. To fully support filtering between zones, we'll need a more complex firewall configuration to store per IP address policy, something similar to Firewall Builder but that's a no longer a simple user model. We should continue this conversation to figure out an optimal solution. Thanks, -tony
