>> Unless ip_restrict_interzone_loopback is 0 (the default is 1 on OS).
>> You can have zones of type exclusive-ip plumbed on different
>> interfaces but not cabled up if this parameter is set to 0.
> Where is this documented?
This is what started the whole kerfuffle for me,
particularly "which have their local IP addresses on different
interfaces", I zeroed in on this and conveniently ignored the
"shared-stack zone" which I'm noticing just now.
But how could that be ... shared-stack zone with IP address on
different interface? This thing cannot exist?
Here it is. I need exclusive stack so I can snoop traffic when bad
things happen. When bad things are not happening, traffic must not be
snoopable, sayeth the people in charge. I have this brilliant idea
(based on what I read) that I can conveniently shunt traffic to the NIC
or internally, at will, using this nifty param. Bad things happen,
shunt it outside to observe. Bad things go away, shunt it back
inside, remove the cable. This cannot work, you say? This is S10U5,
OS is not an option.
zones-discuss mailing list