egon phillips wrote:
> Can the future be now instead. No more I promise.
If you would post to the list, other people could help me try to clear
up your confusion. Since you refuse to do that, you are wasting both my
time and yours.
>>
>
> When used in shorewall/policies and shorewall/rules
> "all" maps to all valid IP addresses, or all possible IP
> addresses, I'm not sure which.
I'm going to tell you ONE MORE TIME -- "all" means "all
zones".
> When the zone "net" is
> specified as ipv4 in shorewall/zones, and used in
> shorewall/rules, without modification in
> shorewall/hosts the zone "net" also maps to all valid
> IP addresses.
'net' is just an identifier. You could call it 'foo' and it would be no
different. If you have these entries in /etc/shorewall/interfaces:
net eth0
loc eth1
Then 'net' consists of all non-IPSEC IPv4 hosts *accessed
through eth0*.
It does not include any hosts accessed through eth1 nor does it include
the firewall itself. 'all' means all non-IPSEC IPv4 hosts accessed
through eth0 plus all non-IPSEC IPv4 hosts accessed through eth1 plus
the firewall itself.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key