Hello,

I am using shorewall 3.4.4

When I specify an interface name in the rules file, I expected the interface
name to be given to the "-i" option of iptables for all the IP addresses. But I
am seeing different results.

Example1:
ACCEPT          loc:net0:192.168.3.1,192.168.3.2                net             tcp 80
-The above rule generated the following code:
   run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j ACCEPT
   run_iptables -A loc2net -p tcp -s 192.168.3.2 --dport 80 -j ACCEPT
   progress_message "   Rule \"ACCEPT loc:net0:192.168.3.1,192.168.3.2 net tcp 80     \" added."

Example2:
ACCEPT          loc:net0:192.168.3.1,net0:192.168.3.2                   net              tcp 80
-The above rule generated the following code:
   run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j ACCEPT
   run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.2 --dport 80 -j ACCEPT
   progress_message "   Rule \"ACCEPT loc:net0:192.168.3.1,net0:192.168.3.2 net tcp 80     \" added."

Is it required to prepend the interface name to every comma-separated IP
address within the rule?

Note: In the above example, the interface name is "net0"
loc = Local zone
net = WAN zone.

Thanks,
Hebbar.

_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
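
The difference between the two examples in the post can be checked mechanically. The following Python code is an added example, not part of the original message or of Shorewall: it parses generated run_iptables lines and reports any source-address rule with no -i match in a chain where a sibling rule has one. The function and constant names are assumptions; the sample lines are the ones quoted in the post.

```python
import shlex
from collections import defaultdict

# Sample input: the run_iptables lines quoted in the post.
EXAMPLE1 = """\
run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j ACCEPT
run_iptables -A loc2net -p tcp -s 192.168.3.2 --dport 80 -j ACCEPT
"""
EXAMPLE2 = """\
run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j ACCEPT
run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.2 --dport 80 -j ACCEPT
"""

def parse_rule(line):
    """Return chain, input interface and source of one 'run_iptables -A' line, else None."""
    try:
        tokens = shlex.split(line)
    except ValueError:            # unbalanced quotes, e.g. a wrapped progress_message
        return None
    if len(tokens) < 3 or tokens[:2] != ["run_iptables", "-A"]:
        return None
    rule = {"chain": tokens[2], "iface": None, "source": None}
    opts = tokens[3:]
    for opt, value in zip(opts, opts[1:]):
        if opt in ("-i", "--in-interface"):
            rule["iface"] = value
        elif opt in ("-s", "--source"):
            rule["source"] = value
    return rule

def unbound_sources(text):
    """List (chain, source, sibling interfaces) for source rules that lack -i."""
    by_chain = defaultdict(list)
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and rule["source"]:
            by_chain[rule["chain"]].append(rule)
    findings = []
    for chain, rules in by_chain.items():
        ifaces = sorted({r["iface"] for r in rules if r["iface"]})
        if ifaces:                # only flag when a sibling rule is interface-bound
            findings += [(chain, r["source"], ifaces)
                         for r in rules if r["iface"] is None]
    return findings

if __name__ == "__main__":
    for chain, source, ifaces in unbound_sources(EXAMPLE1):
        print(f"{chain}: -s {source} has no -i match (siblings use {', '.join(ifaces)})")
```

A rule flagged this way accepts the source address on any interface that feeds the chain, not only on net0.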