Hi,

I have a system with Linux VServers and the host system has different network interfaces (I virtualize servers from 3 different networks on this host system [1]).

Now I (also) want to deny traffic from one VServer to another, i.e. from one interface to another. I can do this by filtering the "lo" interface with iptables with the specific local IP addresses. But I want to do this with Shorewall and to "abstract" this process in terms of zones: I want one zone for each network and interface.

The problem: Parts of the zones are on the firewall itself (zone "fw"). There is a hosts file where I can define nested zones consisting of single addresses... but this works NOT for the fw zone :-( :-(

Is there a possibility to partition the fw-zone into different (sub)zones?

Thank you,
Luke

[1] I know I should not do this anyway. But in this case it's OK for me because all of them are my private servers in different "zones".

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Lukas Haase wrote:
> Is there a possibility to partition the fw-zone into different (sub)zones?

No.

> Lukas Haase wrote:
> > Is there a possibility to partition the fw-zone into different (sub)zones?
>
> No.

:-( :-( :-(

Any other way to implement my described scenario? I could just use iptables itself, but first, it's completely inflexible and second, it has problems when combined with Shorewall...

Luke

Lukas Haase wrote:
>> Lukas Haase wrote:
>>> Is there a possibility to partition the fw-zone into different (sub)zones?
>> No.
>
> :-( :-( :-(
>
> Any other way to implement my described scenario?

Use fw->fw policy and/or rules.
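
A sketch of the fw->fw approach suggested in the last reply, as an added example that is not from either participant in the thread: address-list variables in the params file stand in for the per-network "zones", and rules in the fw->fw direction block traffic between guests of different networks. The variable names and all addresses are constructed assumptions (documentation ranges), and the sketch covers only two of the three networks.

```conf
###############################################################################
# /etc/shorewall/params
# One variable per network, listing the local addresses of the VServer guests
# on that network. Names and addresses are constructed for this example.
###############################################################################
NET_A_GUESTS=192.0.2.10,192.0.2.11
NET_B_GUESTS=198.51.100.10,198.51.100.11

###############################################################################
# /etc/shorewall/policy
# Explicit fw->fw policy. ACCEPT keeps ordinary loopback traffic (127.0.0.1,
# guests talking to themselves or to guests on the same network) working.
# This line must come before any catch-all "all all" policy.
###############################################################################
#SOURCE         DEST            POLICY
$FW             $FW             ACCEPT

###############################################################################
# /etc/shorewall/rules
# Guest-to-guest traffic on the same host is firewall-to-firewall traffic,
# so both SOURCE and DEST are $FW, narrowed by address list.
# Both directions are listed because each rule matches new connections in
# one direction only.
###############################################################################
#ACTION         SOURCE                  DEST
DROP            $FW:$NET_A_GUESTS       $FW:$NET_B_GUESTS
DROP            $FW:$NET_B_GUESTS       $FW:$NET_A_GUESTS

# A single permitted exception goes above the DROP rules, for example letting
# one guest on network A reach a web server guest on network B:
#ACCEPT         $FW:192.0.2.10          $FW:198.51.100.10       tcp     80
```

Adding a guest then means editing one variable in params rather than touching the rules; `shorewall check` validates the configuration before it is applied.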