Hi,

Sorry for such a beginner question, but I'm a complete newbie at dynamic zones.
Are dynamic zones supposed to inherit the configuration from their parent (static) zone?
For example I have rule:
ACCEPT $FW loc icmp
But when I add a host to the dynamic zone nocom, which is defined as:
nocom:loc ipv4
it cannot be pinged from the firewall. Once I removed it from nocom everything works again.

So the question is:
Shall I duplicate the rules of the parent zone (the ones which should apply) to the dynamic zones, or, by design they should have been applied automatically and I've hit some kind of bug?

Thank you in advance!

Cheers

Geza

On 10/07/2012 01:54 AM, Gémes Géza wrote:
> Hi,
>
> Sorry for such a beginner question, but I'm a complete newbie at dynamic
> zones.
> Are dynamic zones supposed to inherit the configuration from their parent
> (static) zone?
> For example I have rule:
> ACCEPT $FW loc icmp
> But when I add a host to the dynamic zone nocom, which is defined as:
> nocom:loc ipv4
> it cannot be pinged from the firewall. Once I removed it from nocom
> everything works again.
>
> So the question is:
> Shall I duplicate the rules of the parent zone (the ones which should
> apply) to the dynamic zones, or, by design they should have been applied
> automatically and I've hit some kind of bug?
>

Set IMPLICIT_CONTINUE=Yes in shorewall.conf.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 2012-10-07 16:01, Tom Eastep wrote:
> On 10/07/2012 01:54 AM, Gémes Géza wrote:
>> Hi,
>>
>> Sorry for such a beginner question, but I'm a complete newbie at dynamic
>> zones.
>> Are dynamic zones supposed to inherit the configuration from their parent
>> (static) zone?
>> For example I have rule:
>> ACCEPT $FW loc icmp
>> But when I add a host to the dynamic zone nocom, which is defined as:
>> nocom:loc ipv4
>> it cannot be pinged from the firewall. Once I removed it from nocom
>> everything works again.
>>
>> So the question is:
>> Shall I duplicate the rules of the parent zone (the ones which should
>> apply) to the dynamic zones, or, by design they should have been applied
>> automatically and I've hit some kind of bug?
>>
> Set IMPLICIT_CONTINUE=Yes in shorewall.conf.
>
> -Tom

Thank you Tom!

I deserve the setting in shorewall.conf:
ADMINISABSENTMINDED=Yes
;-)

Cheers

Geza