ISTR ‘all’ doesn’t include the firewall unless you explicitly state it (or use ‘all+’ but I’m less sure of this). So doesn’t there need to be a policy of ‘dock’ to $FW ACCEPT?
-- Roger Hayter > On 21 Mar 2025, at 13:08, Vieri Di Paola <[email protected]> wrote: > > > > On Fri, Mar 21, 2025, 13:16 Winston Sorfleet <[email protected]> wrote: > Well, it would seem to me that's the problem - your VM is in the Docker > zone, and the host you want to access is in the Fw zone. > > But OP has 'all all ACCEPT' as policy. > Try setting to 'all all ACCEPT INFO' and confirm in logs that you see the > traffic you need. > If outgoing ok but no reply, you might want to check routing tables. > Are the replies routed back as expected to the right interface? > > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
