[Shorewall-users] Simple question about zones (haven't found
teastep at shorewall.net
Wed Mar 2 07:39:07 PST 2005
Nick Mashchenko wrote:
> I can write this in /etc/shorewall/zones:
> fw1 eth0 broadcast <options>
> fw2 eth1 broadcast <options>
Surely not in /etc/shorewall/zones -- that looks like an entry in
/etc/shorewall/interfaces but in that case:
fw1 = all hosts whose traffic enters your firewall through eth0.
fw2 = all hosts whose traffic enters your firewall through eth0.
This would be the way in which you would define your 'net1' and 'net2'
> Then I'll get what I want: two zones assigned to appropriate ifaces.
> However, in this case, what does "fw" mean?
> Which iface "belongs" to this zone?
$FW IS NOT ASSOCIATED WITH AN INTERFACE!!!! It stands for "All programs
(including the operating system) running in the Firewall system".
When you define loc->fw rules, you don't have this confusion, do you?
Then why do you have it when you are dealing with your two ISP zones? To
Shorewall, there is no difference at all between zones EXCEPT FOR $FW (fw).
Tom Eastep \ Off-list replies are cheerfully ignored
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
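
The point made in the message above, as an added example that is not part of the original post or of Shorewall itself: a small Python check that reads interfaces-style entries in the ZONE INTERFACE BROADCAST OPTIONS order, builds the zone-to-interface map, and flags any entry that tries to bind the firewall zone to an interface. The function names, the sample entries, and the firewall zone name `fw` passed as a default parameter are assumptions made for illustration.

```python
from collections import defaultdict

def parse_interfaces(text):
    """Parse interfaces-style lines: ZONE INTERFACE [BROADCAST] [OPTIONS]."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need at least ZONE and INTERFACE")
        entries.append((lineno, fields[0], fields[1], fields[2:]))
    return entries

def check_zones(text, fw_zone="fw"):
    """Return (zone -> interfaces map, list of problems found)."""
    zone_map = defaultdict(list)
    seen = {}       # interface -> line number of its first entry
    problems = []
    for lineno, zone, iface, _rest in parse_interfaces(text):
        if zone == fw_zone:
            # The firewall zone means "the firewall system itself";
            # it is never the set of hosts behind an interface.
            problems.append(
                f"line {lineno}: firewall zone '{fw_zone}' cannot be bound to {iface}")
            continue
        if iface in seen:
            # This check's own rule: one entry per interface, so the zone of
            # traffic entering through it is unambiguous.
            problems.append(
                f"line {lineno}: {iface} already listed on line {seen[iface]}")
            continue
        seen[iface] = lineno
        zone_map[zone].append(iface)
    return dict(zone_map), problems

# Constructed sample entries (not taken from a real configuration).
SAMPLE = """\
# ZONE  INTERFACE  BROADCAST
net1    eth0       detect
net2    eth1       detect
loc     eth2       detect
fw      eth0       detect
"""

if __name__ == "__main__":
    zones, problems = check_zones(SAMPLE)
    print(zones)
    print("\n".join(problems))
```
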