Grant wrote:
> could someone confirm that I would have no loc zone if my only interface is
> eth0 connected to a separate router?

You mean, you have a standalone device, which connects to your local network with one interface (and the router is <somewhere else>)?

You can still have a LOC zone, you will want to differentiate between connections to/from devices on your local network and those that are remote. IIRC, you'll want to define LOC in terms of IP/netmask.

Alternatively, you can have just one zone and define any rules for on-net traffic to include the local network IP/netmask (or individual machine IP) if you prefer.

-- 
Simon Hobson
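
The two layouts described in the reply above, written out as Shorewall configuration fragments. This is an added example, not part of the original thread; the LAN subnet 192.168.1.0/24 and the SSH rule are assumptions chosen for illustration.

```conf
# --- Option 1: a loc zone defined by IP/netmask on the single interface ---

# /etc/shorewall/zones
# The sub-zone (loc) is declared before the zone that contains it (net),
# so traffic from the LAN subnet is matched as loc first.
#ZONE   TYPE
fw      firewall
loc     ipv4
net     ipv4

# /etc/shorewall/interfaces
# eth0 is the only interface; everything arriving on it is net by default.
#ZONE   INTERFACE
net     eth0

# /etc/shorewall/hosts
# loc is the on-net subset of eth0 (assumed subnet).
#ZONE   HOST(S)
loc     eth0:192.168.1.0/24

# /etc/shorewall/policy
# Default-deny inbound from both zones; exceptions go in the rules file.
#SOURCE DEST    POLICY  LOG LEVEL
$FW     all     ACCEPT
loc     $FW     DROP    info
net     $FW     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
# Only on-net hosts may reach SSH on this machine (assumed service).
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  loc     $FW     tcp     22

# --- Option 2: one zone only, on-net traffic matched by address in rules ---
# Drop the loc lines from zones, hosts and policy above, and write the
# rule against the subnet (or a single machine IP) inside net instead:
#
# /etc/shorewall/rules
#ACTION SOURCE                  DEST    PROTO   DEST PORT(S)
#ACCEPT net:192.168.1.0/24      $FW     tcp     22
```

With either layout, running "shorewall check" before restarting reports configuration errors without touching the running ruleset.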