Re: [Shorewall-users] Why not allow any:?

2009-06-13 Thread Tom Eastep
Paul Gear wrote: > Since starting to work with Shorewall, I've never been irritated by one > of its design features, which suggests that my brain works the way Tom's > does, and yours doesn't. ;-) Sometimes it's just simpler to find > another product that works closer to the way you think. > I

Re: [Shorewall-users] Why not allow any:?

2009-06-13 Thread Paul Gear
Colin Alston wrote: > On Sat, Jun 13, 2009 at 5:24 PM, Tom Eastep wrote: > >> By definition, SOURCE = 'all:' implies that packets with the given >> source IP address can originate both on the firewall itself and outside >> of the firewall. Clearly, that isn't possible in any sane network. >> Simi

Re: [Shorewall-users] Why not allow any:?

2009-06-13 Thread Colin Alston
On Sat, Jun 13, 2009 at 5:24 PM, Tom Eastep wrote: > > By definition, SOURCE = 'all:' implies that packets with the given > source IP address can originate both on the firewall itself and outside > of the firewall. Clearly, that isn't possible in any sane network. > Similarly, where ipsec is invo

Re: [Shorewall-users] Why not allow any:?

2009-06-13 Thread Tom Eastep
Colin Alston wrote: > I've been digging through the various manuals and am a bit irritated > with the limitation on the rules system. > > Why do I have to specify a source zone to allow a source IP range on all > zones? There is no iptables requirement for anything more than a source > address, so I do
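To make the point in Tom's reply concrete: a zone pair decides which netfilter chain a rule lands in (OUTPUT for traffic the firewall originates, INPUT for traffic addressed to it, FORWARD for traffic passing through), and a bare source address decides none of that. The following is a toy model added here for illustration; it is not Shorewall's compiler, and Shorewall's real generated chains (net2fw, fw2loc, and so on) look different. The zone names net and loc, the interfaces eth0 and eth1, and the address 192.0.2.0/24 are all assumed for the example.

```python
"""Toy model of why a Shorewall SOURCE needs a zone, not just an address.

Added example, not Shorewall code. Zones, interfaces and addresses are
assumptions made for the illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

FW = "$FW"  # Shorewall's name for the firewall zone itself

# Assumed zone -> interface mapping (what Shorewall's interfaces file would say).
INTERFACES = {"net": "eth0", "loc": "eth1"}
ZONES = ["net", "loc", FW]  # 'all' in a rule covers every zone, $FW included


@dataclass(frozen=True)
class Rule:
    action: str
    src_zone: str
    src_addr: Optional[str]
    dst_zone: str
    proto: str
    dport: str


def chain_for(src_zone: str, dst_zone: str) -> str:
    """Map a zone pair onto the netfilter chain the packet traverses.

    This is the crux: the chain depends on where the packet enters the
    stack, which the zone expresses and the source address does not.
    """
    if src_zone == dst_zone:
        raise ValueError("intra-zone traffic is not a zone pair")
    if src_zone == FW:
        return "OUTPUT"
    if dst_zone == FW:
        return "INPUT"
    return "FORWARD"


def to_iptables(rule: Rule) -> str:
    """Render one zone-pair rule as a single iptables command line."""
    parts = ["iptables", "-A", chain_for(rule.src_zone, rule.dst_zone)]
    if rule.src_zone != FW:
        parts += ["-i", INTERFACES[rule.src_zone]]
    if rule.dst_zone != FW:
        parts += ["-o", INTERFACES[rule.dst_zone]]
    if rule.src_addr:
        parts += ["-s", rule.src_addr]
    parts += ["-p", rule.proto, "--dport", rule.dport, "-j", rule.action]
    return " ".join(parts)


def expand_all(action: str, src_addr: Optional[str], dst_zone: str,
               proto: str, dport: str) -> List[Tuple[str, str]]:
    """Expand a hypothetical 'all:<addr>' SOURCE into one rule per zone."""
    out = []
    for zone in ZONES:
        if zone == dst_zone:
            continue
        rule = Rule(action, zone, src_addr, dst_zone, proto, dport)
        out.append((zone, to_iptables(rule)))
    return out


def chains_used(expansion: List[Tuple[str, str]]) -> Set[str]:
    """Collect the chains an expansion was spread across."""
    return {cmd.split()[2] for _, cmd in expansion}


def is_ambiguous(expansion: List[Tuple[str, str]]) -> bool:
    """True when the same source address is matched both as the firewall's
    own (OUTPUT) and as a remote one (INPUT/FORWARD): the case Tom calls
    impossible in any sane network."""
    chains = chains_used(expansion)
    return "OUTPUT" in chains and bool(chains - {"OUTPUT"})


if __name__ == "__main__":
    # 'all:192.0.2.0/24' towards loc spreads the address over OUTPUT and FORWARD.
    for zone, cmd in expand_all("ACCEPT", "192.0.2.0/24", "loc", "tcp", "22"):
        print(f"{zone:>4} -> loc : {cmd}")
```

When the destination is $FW the expansion only touches INPUT and is not ambiguous; when the destination is another zone, the $FW member of `all` puts the same `-s` match into OUTPUT, which is the contradiction Tom describes. Writing the rule against an explicit source zone (`net:192.0.2.0/24`) avoids it.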

Re: [Shorewall-users] Why not allow any:?

2009-06-13 Thread Christ Schlacta
That's a good question and I've wondered that myself a time or two... On Jun 13, 2009, at 7:55, Colin Alston wrote: > I've been digging through the various manuals and am a bit irritated > with the limitation on the rules system. > > Why do I have to specify a source zone to allow a source IP range

[Shorewall-users] Why not allow any:?

2009-06-13 Thread Colin Alston
I've been digging through the various manuals and am a bit irritated with the limitation on the rules system. Why do I have to specify a source zone to allow a source IP range on all zones? There is no iptables requirement for anything more than a source address, so I don't understand why all: does not