From: Lukas H. <luk...@gm...> - 2008-11-19 15:56:52
Hi,

I have a system with Linux VServers and the host system has different network interfaces (I virtualize servers from 3 different networks on this host system [1]).

Now I (also) want to deny traffic from one VServer to another, i.e. from one interface to another. I can do this by filtering the "lo" interface with iptables with the specific local IP addresses. But I want to do this with Shorewall and to "abstract" this process in terms of zones: I want one zone for each network and interface.

The problem: Parts of the zones are on the firewall itself (zone "fw"). There is a hosts file where I can define nested zones consisting of single addresses... but this does NOT work for the fw zone :-( :-(

Is there a possibility to partition the fw zone into different (sub)zones?

Thank you,
Luke

[1] I know I should not do this anyway. But in this case it's OK for me because all of them are my private servers in different "zones".