On 31/05/2019 at 22:50, ObNox wrote:
By default, Shorewall allows intra-zone traffic. To control the
intra-zone traffic on your own terms, just declare the zone in your
"policy" file and also declare the interface in the "interfaces" file.
Ex: Assuming the br0 interface is in zone "brz" (I only use the bracket
notation, I don't like the column-based notation)
/etc/shorewall/interfaces
net { interface=eth0
options="nets=(!192.168.0.0/24),nosmurfs,rpfilter,dhcp" }
brz { interface=br0
options="nets=(192.168.0.0/24),nosmurfs,rpfilter,bridge,dhcp" }
/etc/shorewall/policy
$FW { dest=all policy=ACCEPT }
brz { dest=brz policy=REJECT loglevel=info }
all { dest=all policy=DROP loglevel=info }
NOTE: Choose "policy" and "loglevel" as you see fit for your needs
Now, everything is under control and you can manage your "rules" file as
you wish! Declare all you need for the rightful traffic between A and B
and the kern.log will show you the unwanted traffic between A and B
(assuming you keep the policy settings written above)
It's working like a charm.
Thank you, ObNox.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
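The post relies on kern.log to reveal the intra-zone traffic that the brz-to-brz REJECT policy catches. The script below is an added example, not code from the post or from the Shorewall project: it parses those log lines, counts the rejected flows per policy chain, and drafts candidate ACCEPT lines for the "rules" file in the same bracket notation the post uses. It assumes Shorewall's default LOGFORMAT prefix "Shorewall:<chain>:<disposition>:", assumes the brz-to-brz policy chain is named "brz-brz", and maps interfaces to zones with a table that mirrors the interfaces file in the post (eth0 = net, br0 = brz, empty OUT= means the firewall itself). The sample log lines are constructed for the example.

```python
"""Summarise Shorewall policy-log lines from kern.log and draft candidate
rules-file entries (bracket notation) from them.

Added example, not code from the original post or from Shorewall itself.
Assumptions: the default LOGFORMAT prefix "Shorewall:<chain>:<disposition>:",
the policy chain name "brz-brz", and the interface->zone map below, which
mirrors the interfaces file in the post. The sample log lines are constructed.
"""
import re
from collections import Counter

# Mirrors the interfaces file in the post: packets arriving on br0 belong to
# zone "brz", packets arriving on eth0 to zone "net". An empty OUT= means the
# packet was addressed to the firewall itself ($FW).
ZONE_BY_INTERFACE = {"eth0": "net", "br0": "brz"}

# Default Shorewall log prefix, followed by the netfilter key=value fields.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<fields>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample of /var/log/kern.log (not real captured traffic).
SAMPLE_KERN_LOG = """\
May 31 22:50:01 gw kernel: [ 1234.567890] Shorewall:brz-brz:REJECT:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.10 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 22:50:02 gw kernel: [ 1235.123456] Shorewall:brz-brz:REJECT:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 MAC=... SRC=192.168.0.10 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 22:50:03 gw kernel: [ 1236.000000] Shorewall:brz-brz:REJECT:IN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 MAC=... SRC=192.168.0.20 DST=192.168.0.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=1
May 31 22:50:04 gw kernel: [ 1237.000000] Shorewall:net-all:DROP:IN=eth0 OUT= MAC=... SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=5 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
May 31 22:50:05 gw kernel: [ 1238.000000] unrelated kernel message
"""


def zone_of(interface):
    """Map a logged IN=/OUT= interface to a Shorewall zone name."""
    if not interface:
        return "$FW"
    return ZONE_BY_INTERFACE.get(interface, "unknown")


def parse_line(line):
    """Return the interesting fields of one Shorewall log line, or None when
    the line is not a Shorewall log entry at all."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = dict(KV_RE.findall(m.group("fields")))
    proto = f.get("PROTO", "")
    # For TCP/UDP the service is the destination port; for ICMP it is the
    # type, which is also what Shorewall's DPORT column holds for proto icmp.
    service = f.get("DPT", "") if proto in ("TCP", "UDP") else f.get("TYPE", "")
    return {
        "chain": m.group("chain"),
        "disposition": m.group("disposition"),
        "src_zone": zone_of(f.get("IN", "")),
        "dst_zone": zone_of(f.get("OUT", "")),
        "src": f.get("SRC", ""),
        "dst": f.get("DST", ""),
        "proto": proto,
        "service": service,
    }


def summarize(log_text, chain=None):
    """Count logged flows, optionally restricted to one policy chain
    (e.g. "brz-brz" for the intra-zone policy from the post)."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or (chain is not None and e["chain"] != chain):
            continue
        key = (e["src_zone"], e["src"], e["dst_zone"], e["dst"], e["proto"], e["service"])
        counts[key] += 1
    return counts


def suggest_rules(counts):
    """Turn counted flows into candidate ACCEPT lines in Shorewall's bracket
    notation, most frequent first. Returned as (hits, line) pairs so the
    operator can review each flow before pasting it into the rules file."""
    rules = []
    for key, hits in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        src_zone, src, dst_zone, dst, proto, service = key
        parts = [f"source={src_zone}:{src}", f"dest={dst_zone}:{dst}", f"proto={proto.lower()}"]
        if service:
            parts.append(f"dport={service}")
        rules.append((hits, "ACCEPT { " + " ".join(parts) + " }"))
    return rules


if __name__ == "__main__":
    # Typical use: feed /var/log/kern.log (or `journalctl -k`) instead of the sample.
    for hits, rule in suggest_rules(summarize(SAMPLE_KERN_LOG, chain="brz-brz")):
        print(f"# {hits} packet(s) logged")
        print(rule)
```

The drafted lines are deliberately not applied automatically: with the post's REJECT policy in place, anything a compromised host on br0 tries against its neighbours shows up in kern.log too, so each candidate flow needs a human decision before it becomes an ACCEPT rule. If you log with ULOG/NFLOG instead of the kernel log, or change LOGFORMAT, adjust LOG_RE accordingly.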