Displaying 3 results from an estimated 3 matches for "eth1_dynf".
2005 May 27
5
Problems with dynamic zones
...rom this message. I'm trying to simplify
this as much as possible to get problem clear.
Problem is:
Zones:
vpn
wlan
net
Interfaces:
net eth0
wlan eth1
Policies:
vpn all REJECT
net all DROP
wlan all REJECT
all wlan REJECT
all all REJECT
shorewall add eth0:10.10.0.0/24 vpn
produces:
-A eth1_dynf -d 10.10.0.0/255.255.255.0 -o eth0 -j wlan2all
and then I add another host to vpn zone
shorewall add eth1:192.0.2.1 vpn
Which will generate this ruleset after previous one.
-A eth1_dynf -s 192.0.2.1 -d 10.10.0.0/255.255.255.0 -o eth0 -j vpn2vpn
-A eth1_dynf -s 192.0.2.1 -o eth1 -j vpn2dmz
-...
2004 Dec 05
13
Adding dynamically more than one host at once?
Hi,
it seems not to be possible to add more than one host at once to a zone.
So
shorewall add br0:eth0:192.168.2.10,eth0:192.168.2.11 work
fails, since "br0:eth0:192.168.2.10,eth0" is interpreted as one interface.
--snip --
iptables v1.2.9: interface name `eth0:192.168.2.10,eth0' must be shorter
than IFNAMSIZ (15)
Try `iptables -h' or 'iptables
2004 Nov 06
0
Listing the subnets in a zone
...want to be able to
list which subnets are currently in the zone at any one time. Initially we
were parsing the output of "shorewall status", which works but can be very
slow. Looking at the output of "shorewall status", it seems that the
subnets we are interested in are in zone eth1_dynf, and it is much quicker
to do a "shorewall show eth1_dynf" than a "status" command.
My questions are: if we change the configuration of Shorewall, will the
name of the chain we are interested in change? Is there a better way of
finding out which subnets are currently in a given...