On 06/06/2011 10:02 AM, David Rayner wrote:
> I have configured a Fedora 15 installation to operate as a two interface
> I have followed the instructions from
> http://www.shorewall.net/3.0/NewBridge.html and configured shorewall, but
> can't seem to restrict traffic from a pc within the net zone.
> The local zone and net zone PCs share the same ip subnet, 192.168.7.x but
> when the firewall is started I can still ping from the pc (192.168.7.116) on
> the net zone to any pc on the local zone.
> The ip addresses seem correctly assigned to the correct zones. If I try to
> ping from the bridge to the pc on the net zone I receive fw2net messages in
> the log, and fw2loc when pinging a pc on the local zone.
> It appears I am missing something, any pointers would be appreciated.
The document you have been reading applies to the Shorewall 3.x series;
hopefully, you are running Shorewall 4.4 on Fedora 15. There are more
recent articles that apply to Shorewall 4.4 and bridging. See the
Documentation index linked from the Shorewall home page.
> See below for my config:
> #ZONE   HOST(S)                               OPTIONS
> loc     br0:192.168.7.0/24!192.168.7.116
> #SOURCE DEST    POLICY  LOG     LIMIT:  CONNLIMIT:
> #                       LEVEL   BURST   MASK
> loc     net     ACCEPT
> net     all     DROP    info
> all     all     REJECT  info
That isn't the rules file -- it's the policy file. And your fw->net
policy is REJECT (from the all->all REJECT entry) so unless you have
exceptions in the rules file, you aren't going to be able to access the
net at all from the Shorewall box.
> #ZONE   INTERFACE   BROADCAST       OPTIONS
> net     br0         192.168.7.255
Broadcast addresses are no longer required -- you're probably getting a
warning from that.
> #ZONE   TYPE        OPTIONS     IN          OUT
> #                               OPTIONS     OPTIONS
> fw      firewall
> net     ipv4
> loc:net ipv4
--
Tom Eastep            \ When I die, I want to go like my Grandfather who
Shoreline,             \ died peacefully in his sleep. Not screaming like
Washington, USA         \ all of the passengers in his car
http://shorewall.net     \________________________________________________
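The point Tom makes about the fw->net pair falling through to the all->all REJECT entry comes from Shorewall's first-match walk down the policy file. The script below is an added illustration, not code from the thread or from the Shorewall project: it embeds a constructed copy of the quoted policy file (with the "All" typo lowercased, as Shorewall requires) and resolves the effective policy for a zone pair with the simplified model of plain first-match lookup where "all" is a wildcard. It deliberately ignores the rules file and Shorewall's implicit handling of nested zones such as loc:net, so it shows why a pair ends up REJECTed but is not a substitute for `shorewall check` or `shorewall show policies`.

```shell
#!/bin/sh
# Added example (not from the original thread): resolve the effective
# Shorewall policy for a zone pair by first-match lookup over a policy
# file, treating "all" as a wildcard in the SOURCE or DEST column.

# Constructed copy of the policy file quoted in the thread, with the
# capitalised "All" corrected to the "all" keyword Shorewall expects.
POLICY='#SOURCE DEST    POLICY  LOG     LIMIT:  CONNLIMIT:
#                       LEVEL   BURST   MASK
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info'

# effective_policy SRC DST
# Prints the POLICY column of the first entry whose SOURCE and DEST
# match the pair ("all" matches anything). Prints NONE if nothing matches,
# which in a real Shorewall config would be a compile-time error.
effective_policy() {
    printf '%s\n' "$POLICY" | awk -v src="$1" -v dst="$2" '
        $1 ~ /^#/ || NF < 3 { next }                # skip comments / short lines
        ($1 == src || $1 == "all") && ($2 == dst || $2 == "all") {
            print $3; found = 1; exit              # first match wins
        }
        END { if (!found) print "NONE" }
    '
}

# Walk the pairs discussed in the thread: fw->net is not listed
# explicitly, so it inherits the catch-all REJECT, which is why the
# firewall box itself cannot reach the net without rules-file exceptions.
for pair in "fw net" "loc net" "net loc" "fw loc"; do
    set -- $pair
    printf '%s -> %s: %s\n' "$1" "$2" "$(effective_policy "$1" "$2")"
done
```

Run it as-is to print the resolution for each pair; to check a different policy file, replace the `POLICY` variable's contents with your own.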
Shorewall-users mailing list