On Friday 30 August 2002 09:00 am, Pascal DeMilly wrote:
> To all,
> I have a firewall with 3 NICS.
> eth0 connects to the Internet
> eth1 connects to a wired lan
> eth2 connects to a wireless lan
> In my rules, I would like to create a zone loc which encompassed eth1
> and eth2 and create 2 sub-zones: lan for eth1 and wlan for eth2.
> Because I only want to open what I need on that firewall and because
> that firewall is also used for different services (I know I shouldn't
> but it is not my decision) my rules are pretty big. What I would like to
> do is use loc for everything that is common to both lan and wlan then
> use the specific zones for things that are specific to each. I think
> that will make maintenance a little bit easier. Later on I will PPTP
> wlan. So that might be the first thing I should do.
> Is it possible to do with shorewall ? and is it a good idea ?
Sounds reasonable to me and it is possible with Shorewall.
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@...