OK I must be a little tired because I'm sure this has been addressed before but I can't find the answer... So my apologies...

Is there any way I can put interfaces in the same zone without allowing hosts/nets on different interfaces in the same zone talk to each other? I know this is kind of strange but I need it to greatly simplify my firewalling...

Any hints/tips would be very welcome.

TIA

--
GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
On Tue, 2003-10-07 at 15:21, Michael Loftis wrote:
> OK I must be a little tired because I'm sure this has been addressed before
> but I can't find the answer... So my apologies...
>
> Is there any way I can put interfaces in the same zone without allowing
> hosts/nets on different interfaces in the same zone talk to each other? I
> know this is kind of strange but I need it to greatly simplify my
> firewalling...
>
> Any hints/tips would be very welcome.
>

If the zone name is Z, just add a Z->Z REJECT policy.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
See I knew it was a simple answer! Thanks much Tom :)

--On Tuesday, October 07, 2003 15:20 -0700 Tom Eastep <teastep@shorewall.net> wrote:
>
> If the zone name is Z, just add a Z->Z REJECT policy.
>

--
GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
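
The Z->Z REJECT policy from the reply above, written out as Shorewall configuration. This is an added example, not part of the original thread; the zone names `loc` and `net` and the interfaces `eth0`, `eth1` and `eth2` are assumed for illustration.

```conf
# /etc/shorewall/interfaces
# Constructed sample: two interfaces share the zone "loc" (names are assumptions).
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
loc     eth2        detect

# /etc/shorewall/policy
# Policies are matched top to bottom and the first match wins, so the
# intra-zone entry has to come before any broader loc or "all" entry.
#SOURCE DEST    POLICY  LOG LEVEL
loc     loc     REJECT  info     # eth1 <-> eth2 traffic inside the zone is refused
loc     net     ACCEPT           # the zone still shares one outbound policy
all     all     REJECT  info     # catch-all
```

Entries in the rules file are evaluated before the policy, so an individual connection that must cross between the two interfaces can still be allowed there with an ACCEPT rule.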