diff options
author | Olivier Blin <blino@mageia.org> | 2013-03-24 14:49:30 +0000 |
---|---|---|
committer | Olivier Blin <blino@mageia.org> | 2013-03-24 14:49:30 +0000 |
commit | e996b1807709f625675513ff75aabffc3c4a3c87 (patch) | |
tree | c26f62aabb50b9c5a6480a6e78599c65ea0e278c | |
parent | 41b10c74f06cd9bf2a267f88c6aa1d3529a5c06f (diff) | |
download | drakx-net-e996b1807709f625675513ff75aabffc3c4a3c87.tar drakx-net-e996b1807709f625675513ff75aabffc3c4a3c87.tar.gz drakx-net-e996b1807709f625675513ff75aabffc3c4a3c87.tar.bz2 drakx-net-e996b1807709f625675513ff75aabffc3c4a3c87.tar.xz drakx-net-e996b1807709f625675513ff75aabffc3c4a3c87.zip |
drakfirewall: list loc zone before net zone in /etc/shorewall/zones
This is useful to apply local rules before net rules for a
"one-armed" router, e.g. one interface with both a public IP
address and a local private address, with such an entry in
/etc/shorewall/hosts: "loc eth0:192.168.0.0/24"
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | lib/network/shorewall.pm | 2 |
2 files changed, 6 insertions, 1 deletions
@@ -1,6 +1,11 @@ - improve MAC adress help - drakfirewall: o fix detecting if shorewall is enabled (mga#8699) + o list loc zone before net zone in /etc/shorewall/zones; + this is useful to apply local rules before net rules for a + "one-armed" router, e.g. one interface with both a public IP + address and a local private address, with such an entry in + /etc/shorewall/hosts: "loc eth0:192.168.0.0/24" 1.19.2: - re-add broadcom-wl reference diff --git a/lib/network/shorewall.pm b/lib/network/shorewall.pm index ee71d1d..5ee8d38 100644 --- a/lib/network/shorewall.pm +++ b/lib/network/shorewall.pm @@ -184,8 +184,8 @@ What do you want to do?"), }; set_config_file("zones", - [ 'net', 'ipv4' ], if_($has_loc_zone, [ 'loc', 'ipv4' ]), + [ 'net', 'ipv4' ], [ 'fw', 'firewall' ], ); set_config_file('interfaces', |