Hi,

As mentioned in a previous thread I have a working multiISP setup and thus multiple net zone facing interfaces.
With the help of Tom I'm able to specify dynamic zones on the interface associated to the loc zone (For better readability of the rules I've renamed the interfaces from lan-if to lan_if and so on).
My question is: if my net zone has multiple interfaces associated with it (multiISP setup) can I use the same dynamic zone name for all the interfaces in the net zone, or shall I define a dynamic zone for each interface?

Thank you in advance!

Cheers

Geza

On 10/05/2012 09:51 PM, Gémes Géza wrote:
> Hi,
>
> As mentioned in a previous thread I have a working multiISP setup and
> thus multiple net zone facing interfaces.
> With the help of Tom I'm able to specify dynamic zones on the interface
> associated to the loc zone (For better readability of the rules I've
> renamed the interfaces from lan-if to lan_if and so on).
> My question is: if my net zone has multiple interfaces associated with
> it (multiISP setup) can I use the same dynamic zone name for all the
> interfaces in the net zone, or shall I define a dynamic zone for each
> interface?
>

Hi Geza,

The 'dynamic' property is currently associated with a (zone,interface) pair. So if you have a multi-ISP configuration and want a dynamic sub-zone of the external zone, you will have one ipset for each interface. I have been thinking about that issue recently and plan to do something about it in the 4.5.9 release.

Relative to your earlier issue with ipset names, this is from the 4.5.8.1 release notes:

    2) When generating ipset names for dynamic zones, the compiler was
       dropping dashes ('-') from the interface name and adding a
       unique suffix. For example the ipset for zone 'foo' and interface
       'bar-if' might be 'foo_barif_1'. Dashes are now retained so that
       the generated set name in this example will be 'foo_bar-if'. This
       change also allows the 'add' and 'delete' commands to work
       correctly when the interface name contains one or more dashes.

       Although dash is documented as being an accepted character in ipset
       names, names containing a dash would generate an error in some
       contexts. That has also been corrected.

Regards,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

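As an added illustration of the reply above (not part of the original thread and not Shorewall's own code): with one ipset per (zone, interface) pair, a host that should belong to the dynamic zone on a multi-ISP firewall has to be added once per interface. The sketch derives the set names with the 4.5.8.1 rule quoted above and prints, without running, one 'add' command per interface. The zone name, interface names and address are constructed, and the `shorewall add interface:host zone` form is assumed from the Shorewall documentation for this release series.

```shell
#!/bin/sh
# Added example: per-interface set names and 'add' commands for a dynamic
# zone spread over several ISP interfaces. All names below are constructed.

# ipset limits set names to 31 characters.
IPSET_MAXNAME=31

# Set name for one (zone, interface) pair, following the 4.5.8.1 rule quoted
# in the reply: zone, underscore, interface name with dashes retained.
dyn_set_name() {
    name="${1}_${2}"
    if [ "${#name}" -gt "$IPSET_MAXNAME" ]; then
        echo "set name too long for ipset: $name" >&2
        return 1
    fi
    printf '%s\n' "$name"
}

# Print (do not execute) one 'shorewall add' per interface, so the same host
# ends up in every per-interface set of the zone.
# usage: dyn_add_cmds ZONE IPV4-HOST-OR-NET IFACE...
dyn_add_cmds() {
    zone=$1
    host=$2
    shift 2
    # Accept only digits, dots and an optional /prefix, so nothing
    # shell-significant can reach the generated command line.
    case $host in
        ''|*[!0-9./]*) echo "bad host: $host" >&2; return 1 ;;
    esac
    for iface in "$@"; do
        # Refuse to emit a command whose backing set name would be invalid.
        dyn_set_name "$zone" "$iface" >/dev/null || return 1
        printf 'shorewall add %s:%s %s\n' "$iface" "$host" "$zone"
    done
}

# Constructed sample: zone 'net' on two ISP-facing interfaces.
dyn_add_cmds net 192.0.2.10 isp1-if isp2-if
```

Review the printed commands before running them as root; the same loop with 'delete' in place of 'add' removes the host from every interface's set.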
On 2012-10-06 15:58, Tom Eastep wrote:
> On 10/05/2012 09:51 PM, Gémes Géza wrote:
>> Hi,
>>
>> As mentioned in a previous thread I have a working multiISP setup and
>> thus multiple net zone facing interfaces.
>> With the help of Tom I'm able to specify dynamic zones on the interface
>> associated to the loc zone (For better readability of the rules I've
>> renamed the interfaces from lan-if to lan_if and so on).
>> My question is: if my net zone has multiple interfaces associated with
>> it (multiISP setup) can I use the same dynamic zone name for all the
>> interfaces in the net zone, or shall I define a dynamic zone for each
>> interface?
>>
> Hi Geza,
>
> The 'dynamic' property is currently associated with a (zone,interface)
> pair. So if you have a multi-ISP configuration and want a dynamic
> sub-zone of the external zone, you will have one ipset for each
> interface. I have been thinking about that issue recently and plan to do
> something about it in the 4.5.9 release.
>
> Relative to your earlier issue with ipset names, this is from the
> 4.5.8.1 release notes:
>
> 2) When generating ipset names for dynamic zones, the compiler was
>    dropping dashes ('-') from the interface name and adding a
>    unique suffix. For example the ipset for zone 'foo' and interface
>    'bar-if' might be 'foo_barif_1'. Dashes are now retained so that
>    the generated set name in this example will be 'foo_bar-if'. This
>    change also allows the 'add' and 'delete' commands to work
>    correctly when the interface name contains one or more dashes.
>
>    Although dash is documented as being an accepted character in ipset
>    names, names containing a dash would generate an error in some
>    contexts. That has also been corrected.
>
> Regards,
> -Tom

Thank you Tom both for clarifying it and also for fixing the dash problem.

Cheers

Geza