Re: [OpenWrt-Devel] [PATCH] zones: enforce forward policy with zone_NAME_src_POLICY

2019-12-13 Thread Yousong Zhou
On Fri, 13 Dec 2019 at 16:58, Jo-Philipp Wich wrote:
>
> Hi,
>
> per definition, zone forward policies were only ever meant to apply to
> traffic between interfaces within the same zone *not* to traffic
> anywhere else.
>
> Your patch would break that assumption as far as I can see.
>
> ~ Jo

I se

Re: [OpenWrt-Devel] [PATCH] zones: enforce forward policy with zone_NAME_src_POLICY

2019-12-13 Thread Jo-Philipp Wich
Hi,

per definition, zone forward policies were only ever meant to apply to traffic between interfaces within the same zone *not* to traffic anywhere else.

Your patch would break that assumption as far as I can see.

~ Jo

[OpenWrt-Devel] [PATCH] zones: enforce forward policy with zone_NAME_src_POLICY

2019-12-12 Thread Yousong Zhou
E.g. traffic entering zone_lan_forward must match "-i br-lan". That is, forward policy of zone X applies to traffic from zone X that is to be forwarded to other zones. The iptables target for zone policy enforcement should be zone_NAME_src_POLICY to match "-i br-lan", not zone_NAME_dest_POLICY t