Tom Eastep wrote:
> On 5/25/13 6:35 PM, "Dash Four" <[email protected]> wrote:
>
>> Tom Eastep wrote:
>>
>>> 4.5.17 RC 1 is now available for testing.
>>>
>>> Changes since Beta 3:
>>>
>>> 1) A 'local' zone now works correctly with 'destonly' specified on the
>>> loopback device.
>>>
>>>
>> ERROR: The local zone may only me assigned to 'lo'
>> /etc/shorewall/interfaces
>>
>> Says who, exactly? I should be able to assign the local zone to
>> whichever network adapter I damn well please!
>>
>
> As the Rolling Stones say, you can't always get what you want. Especially
> when you ask like that.
>
Well, in this case, I will have to use start/started to manually delete all the <all>2local and local2<all> crap shorewall placed in my own firewall and be done with it and not bother with this next-to-useless "local" zone option at all.
If it was just the loopback interface your recent changes have targeted, then, maybe, just maybe, you should have called this option "loopback" instead to make it clearer. Personally, I won't be using this, as your "local" solution is neither here nor there - my intention was, and always has been, to isolate the local zone from all other zones I have defined (be it based on the loopback interface or lo:X interfaces, or some other interfaces bound to the 127.x.x.x address I have defined in advance) and exercise a degree of control over its traffic. Currently, your "local" solution falls well short of that.
