Hi Todd,

If you define a firewall instance "wan2lan" as "OUT" on eth0 then the implicit deny you've mentioned only applies to eth0 and only to packets exiting interface eth0 that are not matched by any of your firewall rules from that instance.

Per interface you can define three firewall instances: "IN", "OUT" and "LOCAL". So packets entering ("IN" instance) or destined to Vyatta itself ("LOCAL") are not bothered by your "OUT" firewall instance "wan2lan" on eth0.

For eth1 you need to set another firewall instance as "OUT" or "IN" or whatever you need.

Adrian
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
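The scoping described in the reply above, as an added example that is not part of the original message and not Vyatta code: a simplified Python model in which the implicit deny exists only inside an instance bound to an (interface, direction) pair. The single port-443 rule, the port-only matching and the function names are assumptions made for illustration; only "wan2lan" as "OUT" on eth0 comes from the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str    # "accept" or "drop"
    dst_port: int  # simplification: rules match on destination port only

# Named firewall instances as ordered rule lists (constructed sample rule).
INSTANCES = {"wan2lan": [Rule("accept", 443)]}

# (interface, direction) -> instance name. As in the thread, only "OUT" on
# eth0 is bound; eth1 and the other eth0 directions have no instance.
BINDINGS = {("eth0", "out"): "wan2lan"}

def run_instance(name, dst_port):
    """First matching rule wins; falling off the end is the implicit deny."""
    for rule in INSTANCES[name]:
        if rule.dst_port == dst_port:
            return rule.action
    return "drop"

def check_hook(iface, direction, dst_port):
    """An (interface, direction) pair with no bound instance filters nothing."""
    name = BINDINGS.get((iface, direction))
    if name is None:
        return "accept"
    return run_instance(name, dst_port)

def verdict(in_iface, out_iface, dst_port):
    """out_iface=None means the packet is destined to the router itself."""
    if out_iface is None:
        hooks = [(in_iface, "local")]
    else:
        hooks = [(in_iface, "in"), (out_iface, "out")]
    for iface, direction in hooks:
        if check_hook(iface, direction, dst_port) == "drop":
            return "drop"
    return "accept"

if __name__ == "__main__":
    print(verdict("eth1", "eth0", 443))  # exits eth0, matched by a rule
    print(verdict("eth1", "eth0", 22))   # exits eth0, unmatched: implicit deny
    print(verdict("eth0", "eth1", 22))   # enters eth0, exits eth1: unfiltered
    print(verdict("eth0", None, 22))     # to the router via eth0: unfiltered
```

Adding an entry such as `("eth1", "out")` to `BINDINGS` is the model's equivalent of setting another instance on eth1, and only then does traffic leaving eth1 meet an implicit deny.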