I unwillingly left out an important detail. DMZ hosts with 192.168.210.* IP addresses are only in dmz.0, dmz.1 and dmz.13. They are not in dmz.12. DMZ hosts in dmz.12 have IP addresses just like in the lan zones. So, hosts in "lanbr" (including dmz.12, but only dmz.12) are all of this type:
    inet 10.215.144.2/16 brd 10.215.255.255 scope global eth0
    default via 10.215.144.91 dev eth0

The Shorewall box will only route between lanbr (10.215.*) and dmzbr (192.168.210.*).