Tom Eastep
2006-Jul-12  20:01 UTC
Survey: Need information about your usage of Shorewall with Bridging
I need your help. I am engaged in a discussion with Netfilter developers
about the direction that Netfilter support for bridges will take. If you
use Shorewall on a system with a bridge, I would appreciate it if you
would reply to me personally with the following information:
a) Do you filter bridge traffic as described in
http://www.shorewall.net/bridge.html or do you follow the approach
outlined in http://www.shorewall.net/SimpleBridge.html?
If you follow the SimpleBridge approach, that is all of the information
I need -- thanks.
For the next set of questions, refer to the following diagram.
Interfaces ethX and ethY are bridged via br0 and associated with two
different zones. The fact that I've made the bridged ports ethernet
devices is not significant; your bridge may use a tap device with
OpenVPN (tapX) or a wireless device (athX or wlanX), etc. Your bridge
may also have more than two ports -- if so, please pick two of them to
answer the questions; pick so that you can answer "Yes" to the questions
if possible. Your bridge may also have a different name -- that isn't
important.
     Zone Z1--------ethX<-----br0---->ethY---------Zone Z2
b) Do you define a policy for $FW -> Z1 in /etc/shorewall/policy?
c) Do you define a policy for $FW -> Z2 in /etc/shorewall/policy?
d) If the answers to b) and c) are both Yes, then are the policies the
same or are they different?
e) Do you define rules from $FW to either Z1 or Z2 in /etc/shorewall/rules?
f) Do you have a bridge/router (are there non-bridged interfaces on the
box)?
If the answer to f) is No, then that's all I need. Thanks.
      Zone Z1--------ethX<-----br0---->ethY---------Zone Z2
                                |
                                |
                                v
                              ethZ (not bridged)
                                |
                                |
                             Zone Z3
g) Do you define a policy for Z3 -> Z1 in /etc/shorewall/policy?
h) Do you define a policy for Z3 -> Z2 in /etc/shorewall/policy?
i) If the answers to g) and h) are both Yes, then are the policies the
same or are they different?
j) Do you define rules from Z3 to either Z1 or Z2 in /etc/shorewall/rules?
Thanks for your help!
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
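Anyone answering the survey will be reading their own /etc/shorewall/policy and /etc/shorewall/rules to work out questions b) through j). The script below is an added example (it is not part of Tom's post and not Shorewall's own code) that does that reading mechanically for the bridge/router diagram above. It assumes the classic column layout of those two files: policy lines are SOURCE DEST POLICY [LOG LEVEL ...], rules lines are ACTION SOURCE DEST [...], `#` starts a comment, SECTION lines in the rules file are structural, and a zone may carry a `:` qualifier (e.g. `Z1:192.168.1.0/24`) that is ignored when deciding which zone pair a rule covers. The two sample files are constructed for the example, with the zone names Z1, Z2, Z3 and $FW taken from the diagram.

```python
"""Answer the bridging survey questions from Shorewall policy and rules files (added example)."""

# Constructed sample /etc/shorewall/policy for the bridge/router diagram:
# $FW, Z1 (br0:ethX), Z2 (br0:ethY) and Z3 (ethZ, not bridged).
SAMPLE_POLICY = """\
#SOURCE DEST    POLICY      LOG LEVEL   LIMIT:BURST
$FW     Z1      ACCEPT
$FW     Z2      REJECT      info
Z3      Z1      ACCEPT
Z3      Z2      ACCEPT
Z1      Z2      ACCEPT
net     all     DROP        info
all     all     REJECT      info
"""

# Constructed sample /etc/shorewall/rules (macro syntax DNS/ACCEPT as in Shorewall 3.x).
SAMPLE_RULES = """\
#ACTION     SOURCE  DEST    PROTO   DEST    SOURCE
#                                   PORT    PORT(S)
SECTION NEW
ACCEPT      $FW     Z2      tcp     22
ACCEPT      Z3      Z1      udp     53
DNS/ACCEPT  Z3      Z2
"""


def _logical_lines(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()


def parse_policy(text):
    """Return [(source, dest, POLICY, log_level_or_None), ...] in file order."""
    entries = []
    for fields in _logical_lines(text):
        if len(fields) < 3:
            raise ValueError("malformed policy line: %r" % " ".join(fields))
        src, dst, pol = fields[:3]
        level = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        entries.append((src, dst, pol.upper(), level))
    return entries


def explicit_policy(entries, src, dst):
    """Policy entry naming src and dst literally (an 'all' entry does not count)."""
    for s, d, pol, level in entries:
        if s == src and d == dst:
            return (pol, level)
    return None


def effective_policy(entries, src, dst):
    """Shorewall applies the first matching entry; 'all' matches any zone."""
    for s, d, pol, level in entries:
        if s in (src, "all") and d in (dst, "all"):
            return (pol, level)
    return None


def zone_of(spec):
    """Strip a host/interface qualifier: 'Z1:192.168.1.0/24' -> 'Z1'; '$FW' stays '$FW'."""
    return spec.split(":", 1)[0]


def parse_rules(text):
    """Return [(ACTION, source_zone, dest_zone), ...], skipping SECTION lines."""
    rules = []
    for fields in _logical_lines(text):
        if fields[0].upper() == "SECTION":
            continue
        if len(fields) < 3:
            raise ValueError("malformed rules line: %r" % " ".join(fields))
        rules.append((fields[0], zone_of(fields[1]), zone_of(fields[2])))
    return rules


def has_rules(rules, src, dst):
    return any(s == src and d == dst for _, s, d in rules)


def survey_answers(policy_text, rules_text, fw="$FW", z1="Z1", z2="Z2", z3="Z3"):
    """Map survey question labels b..e and g..j to answers derived from the files."""
    entries = parse_policy(policy_text)
    rules = parse_rules(rules_text)
    answers = {}
    # Questions b-e are about $FW, g-j about the routed zone Z3; same logic for both.
    for labels, src in ((("b", "c", "d", "e"), fw), (("g", "h", "i", "j"), z3)):
        p1 = explicit_policy(entries, src, z1)
        p2 = explicit_policy(entries, src, z2)
        answers[labels[0]] = p1 is not None
        answers[labels[1]] = p2 is not None
        answers[labels[2]] = (None if not (p1 and p2)
                              else "same" if p1 == p2 else "different")
        answers[labels[3]] = has_rules(rules, src, z1) or has_rules(rules, src, z2)
    return answers


if __name__ == "__main__":
    for q, a in sorted(survey_answers(SAMPLE_POLICY, SAMPLE_RULES).items()):
        print("%s) %s" % (q, a))
```

Run against real files with `survey_answers(open('/etc/shorewall/policy').read(), open('/etc/shorewall/rules').read())`. The distinction between `explicit_policy` and `effective_policy` matters for question d): two zones may end up with the same effective treatment only because both fall through to an `all all` line, which is a different answer from having the same policy defined for each.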