--On Thursday, February 27, 2003 08:12:45 AM +0530 S Mohan <[EMAIL PROTECTED]> wrote:
Can I have comments on this doc please? I could have written qos-htb but would have duplicated Juan Prieto's effort. Ideally this should be followed by the qos-htb doc. Excuse blunders if any. Would be happy to learn where I've gone wrong or made mistakes.
Would like Tom or Jacques to comment on how Shorewall can be used here only on the FORWARD table? Would also like some one to ratify cable connections - crossed and straight for combination of devices.
Provided that you assign an IP address to the bridge device, you can still have traffic to/from the $FW zone (I'm assuming that traffic would be through the br0 device - I haven't personally experimented with the bridge code). I would think that such traffic would still use the INPUT and OUTPUT chains.
You should be able to do pretty much anything else supported by Shorewall except for using those features that require the interface involved to have an IP address. With the exception of obvious things like masquerading, those features are usually denoted in the documentation by the requirement that the interface must be up before Shorewall starts.
Shorewall will generate rules for the INPUT and OUTPUT chains through the bridged ethernet devices but I wouldn't think that such rules would hurt anything; they just would never be exercised.
If it turns out that there are problems with those rules, we can create a 'bridged' interface option that suppresses them.
I'll be happy to work with someone who is experimenting with bridging and Shorewall. It's something I've wanted to do myself but simply haven't found the time.
-Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp
_______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
