Adrian,

That also helps in the situation on which I've been working. Thanks and keep the good answers coming!!!

Josh

On 12/23/07, Todd Worden <[EMAIL PROTECTED]> wrote:
>
> Ah... that makes sense... thank you!
>
> Todd Worden
> Web-Wired, LLC
> 434.906.0420
> [EMAIL PROTECTED]
> www.web-wired.com
>
> -----Original Message-----
> From: Adrian F. Dimcev [mailto:[EMAIL PROTECTED] ]
> Sent: Sunday, December 23, 2007 8:01 AM
> To: Todd Worden
> Cc: vyatta-users@mailman.vyatta.com
> Subject: RE: [Vyatta-users] Firewall implicit deny all
>
> Hi Todd,
> If you define a firewall instance "wan2lan" as "OUT" on eth0 then the
> implicit deny you've mentioned only applies to eth0 and only to packets
> exiting interface eth0 that are not matched by any of your firewall
> rules from that instance.
> Per interface you can define three firewall instances: "IN", "OUT" and
> "LOCAL".
> So packets entering ("IN" instance) or destined to Vyatta
> itself ("LOCAL") are not bothered by your "OUT" firewall instance
> "wan2lan" on eth0.
> For eth1 you need to set another firewall instance as "OUT" or "IN" or
> whatever you need.
> Adrian
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
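The scoping Adrian describes, as a small Python model added here for illustration; it is not part of the original thread and not Vyatta code. The single rule in "wan2lan", the packet fields, and the assumption that a direction with no instance bound is left unfiltered are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    action: str      # "accept" or "drop"
    protocol: str
    dport: int

@dataclass
class Instance:
    name: str
    rules: list

    def verdict(self, pkt):
        for rule in self.rules:
            if (rule.protocol, rule.dport) == (pkt["protocol"], pkt["dport"]):
                return rule.action
        return "drop"  # implicit deny: only reached inside this instance

def filter_packet(bindings, pkt):
    """bindings maps (interface, direction) -> Instance.
    pkt["out_if"] is None when the packet is destined to the router itself."""
    if pkt["out_if"] is None:
        hooks = [(pkt["in_if"], "local")]
    else:
        hooks = [(pkt["in_if"], "in"), (pkt["out_if"], "out")]
    for hook in hooks:
        instance = bindings.get(hook)
        # Assumption of this model: no instance bound to a hook means no filtering there.
        if instance is not None and instance.verdict(pkt) == "drop":
            return "drop"
    return "accept"

# Constructed sample: "wan2lan" holds one rule and is bound only as OUT on eth0.
WAN2LAN = Instance("wan2lan", [Rule("accept", "tcp", 80)])
BINDINGS = {("eth0", "out"): WAN2LAN}

def pkt(in_if, out_if, protocol, dport):
    return {"in_if": in_if, "out_if": out_if, "protocol": protocol, "dport": dport}

if __name__ == "__main__":
    for p in (pkt("eth1", "eth0", "tcp", 80),   # leaves eth0, matches the rule
              pkt("eth1", "eth0", "tcp", 23),   # leaves eth0, hits implicit deny
              pkt("eth0", "eth1", "tcp", 23),   # enters eth0, leaves eth1: untouched
              pkt("eth0", None, "tcp", 22)):    # destined to the router: untouched
        print(p, "->", filter_packet(BINDINGS, p))
```

Binding a second instance under `("eth1", "out")` or `("eth0", "local")` in `BINDINGS` gives that direction its own implicit deny, independent of "wan2lan".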