Early 4.0 documentation is available at http://www.shorewall.net/4.0/.
The Documentation is still very much a work in progress.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
--- Tom Eastep <teastep@shorewall.net> wrote:

> Early 4.0 documentation is available at
> http://www.shorewall.net/4.0/.
> The Documentation is still very much a work in
> progress.

Should BRIDGING be Yes or No in shorewall.conf in case
one follows the
http://www.shorewall.net/4.0/bridge-Shorewall-perl.html
guide?
--- Vieri Di Paola <vieridipaola@yahoo.com> wrote:

> --- Tom Eastep <teastep@shorewall.net> wrote:
>
> > Early 4.0 documentation is available at
> > http://www.shorewall.net/4.0/.
> > The Documentation is still very much a work in
> > progress.
>
> Should BRIDGING be Yes or No in shorewall.conf in
> case one follows the
> http://www.shorewall.net/4.0/bridge-Shorewall-perl.html
> guide?

Also, according to the guide:

"
Policies from a non-BP zone to a BP are disallowed.
Rules where the SOURCE is a non-BP zone and the DEST
is a BP zone are disallowed.
"

Suppose the shorewall bridge is also a PPTP and an
IPsec server (i.e. "road ppp+" defined in interfaces
file, IPsec defined in tunnels, etc.), this would mean
that it would be impossible to define firewall rules
like:

ACCEPT road:192.168.201.111 $DMZ:192.0.177 tcp 143

Is that right?
Vieri Di Paola wrote:

> --- Tom Eastep <teastep@shorewall.net> wrote:
>
>> Early 4.0 documentation is available at
>> http://www.shorewall.net/4.0/.
>> The Documentation is still very much a work in
>> progress.
>
> Should BRIDGING be Yes or No in shorewall.conf in case
> one follows the
> http://www.shorewall.net/4.0/bridge-Shorewall-perl.html
> guide?

Shorewall-perl only accepts BRIDGING=No

-Tom
Vieri Di Paola wrote:

> --- Vieri Di Paola <vieridipaola@yahoo.com> wrote:
>
>> --- Tom Eastep <teastep@shorewall.net> wrote:
>>
>>> Early 4.0 documentation is available at
>>> http://www.shorewall.net/4.0/.
>>> The Documentation is still very much a work in
>>> progress.
>> Should BRIDGING be Yes or No in shorewall.conf in
>> case one follows the
>> http://www.shorewall.net/4.0/bridge-Shorewall-perl.html
>> guide?
>
> Also, according to the guide:
>
> "
> Policies from a non-BP zone to a BP are disallowed.
> Rules where the SOURCE is a non-BP zone and the DEST
> is a BP zone are disallowed.
> "
>
> Suppose the shorewall bridge is also a PPTP and an
> IPsec server (ie. "road ppp+" defined in interfaces
> file, IPsec defined in tunnels, etc.), this would mean
> that it would be impossible to define firewall rules
> like:
>
> ACCEPT road:192.168.201.111 $DMZ:192.0.177 tcp 143
>
> Is that right?

If DMZ is a BP zone, that is correct. That's why it is recommended that
there be a parent ipv4 zone to use in this case ('world' in the article
you refer to).

-Tom
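
Added example, not part of the thread and not Shorewall code: a small pre-flight check that applies the restriction quoted above (SOURCE in a non-BP zone, DEST in a BP zone) to a rules file and proposes the parent-zone form of the destination. The zone names, the `zone:parent bport` layout of the sample zones file and the address 192.0.2.10 are constructed assumptions for illustration.

```python
# Constructed sample zones file: "dmz:world bport" declares the bridge-port
# zone dmz as a sub-zone of the ipv4 parent zone world (assumed layout).
ZONES = """\
#ZONE      TYPE
world      ipv4
road       ipv4
net:world  bport
dmz:world  bport
"""

# Constructed sample rules; 192.0.2.10 is a documentation address.
RULES = """\
#ACTION  SOURCE                DEST              PROTO  DPORT
ACCEPT   road:192.168.201.111  dmz:192.0.2.10    tcp    143
ACCEPT   road:192.168.201.111  world:192.0.2.10  tcp    143
ACCEPT   net                   dmz:192.0.2.10    tcp    143
"""

def _fields(line):
    """Split a config line into columns, ignoring '#' comments."""
    return line.split("#", 1)[0].split()

def parse_zones(text):
    """Return {zone: (type, parent or None)} from a zones file."""
    zones = {}
    for line in text.splitlines():
        cols = _fields(line)
        if len(cols) >= 2:
            name, _, parent = cols[0].partition(":")
            zones[name] = (cols[1], parent or None)
    return zones

def is_bport(zones, zone):
    """True when the zone is declared with a bridge-port type."""
    return zones.get(zone, ("", None))[0].startswith("bport")

def check_rules(zones, text):
    """Return (line, source zone, dest zone, suggested DEST) per violation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        cols = _fields(line)
        if len(cols) < 3:
            continue
        src = cols[1].split(":", 1)[0]
        dst, _, host = cols[2].partition(":")
        if is_bport(zones, dst) and not is_bport(zones, src):
            parent = zones[dst][1]
            fix = f"{parent}:{host}" if parent and host else parent
            findings.append((lineno, src, dst, fix))
    return findings

if __name__ == "__main__":
    for finding in check_rules(parse_zones(ZONES), RULES):
        print("line %d: %s -> %s is disallowed; use DEST %s" % finding)
```

Only the first rule is reported; the rule addressed through `world` and the rule between two BP zones pass.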