Dear Shorewall users,

I'm at a point where I need a bit of help with the following configuration:

A main host directly connected to the internet with one physical interface, eth0, uses a bridge.
I've set up libvirtd/qemu-kvm on it with one vhost using br0/vnet0.
The VM also has a public IPv4 address (see the k* config in the zip).

I've been using Shorewall for a long time now, in 3-interface mode or 1-interface mode, for years. But even after digging in the documentation, ML archives and Google, it seems I'm missing something.

Could an expert with hawk eyes have a look and give me feedback about what I've built (which does not work as expected)?

Summary of what should be working:
pub/net should only be allowed on specific protocols to fw (main host) or dmz (the VM).
fw and dmz have free access out to the internet.

I've certainly lost myself in the different approaches, and have finally chosen the wrong one.

In the end I will also have IPv6 (but I should be able to adapt the v4 to v6).

Thanks for any pointers or advice you could offer.

[1] Zipped file with configuration, IP information & shorewall dump
obione is the main host, k is the KVM guest
https://dl.dropboxusercontent.com/u/13333867/obione-k.shorewall.zip

--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
openSUSE Member & Board
GPG KEY : D5C9B751C4653227
irc: tigerfoot

~~~Don't take Life too serious. Nobody gets out alive anyway!~~~

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users