search for: intrazon

Although 1.4 is now released, there is one aspect of Shorewall''s design that I''m still quite unhappy with. It involves two areas: a) when and when not to create rules to allow inbound traffic on an interface to be routed back out that same interface. b) intrazone traffic. I''m currently running 1.4.0 plus a change that: a) Allows intrazone traffic unconditionally -- there''s no way to turn it off. b) Implements a NONE policy. This policy may not be overridden by rules and basically tells Shorewall to assume that there will never be any...

Hello list, Here is a setup of my network: eth0 <-> router1 <-> eth2 --- wifi --- eth2 <-> router2 <-> eth0 | | eth1 eth1 Router1: eth0 - Internet connection eth1 - Local network (network 10.1.1.0/24) eth2 - Wireless AP (network 10.1.10.0/24) Router2: eth0 - Internet

Guys, Just a quick check. From what i have read in the shorewall site, intrazone traffic is allowed completely by shorewall i.e. there is no filtering or packet size limiting ,etc,etc. I ask this becos after getting shorewall up and running well, someone has complained that they cannot print pdf files larger than 100k at one go but that they have to print one page at a time....

...all/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer creates rules to govern traffic from an interface:subnet to itself. c) Intra-zone traffic is always accepted now (exception is (b) above).. Intrazone policies and rules are no longer allowed. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net