Hi All,

How can I achieve the zone-based connection tracking below using
Shorewall, so that a new connection entry gets created when the traffic is
routed to another internet interface?

These are the manually added commands:
iptables -A PREROUTING -i eth3 -j CT --zone 1 -t raw
iptables -A OUTPUT -o eth3 -j CT --zone 1 -t raw

cat /proc/net/nf_conntrack | grep zone= | grep 192.168.103.1 | grep 192.168.55.1
ipv4     2 icmp     1 29 src=192.168.55.1 dst=192.168.103.1 type=8 code=0 id=4391 src=192.168.103.1 dst=192.168.103.2 type=0 code=0 id=4391 mark=0 zone=1


I have the existing zone configuration below.

# cat /etc/shorewall/zones
#ZONE   TYPE        OPTIONS     IN          OUT
#                   OPTIONS         OPTIONS
fw     firewall
lan    ipv4
vpn    ipsec
inet   ipv4

# cat /etc/shorewall/interfaces
#ZONE     INTERFACE       OPTIONS
lan     eth4            detect          tcpflags,nosmurfs,logmartians
inet     eth5            detect          tcpflags,nosmurfs,logmartians
inet     eth3            detect          tcpflags,nosmurfs,logmartians
lan     eth0            detect          tcpflags,nosmurfs,logmartians

Thanks,
Naveen
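An added example, not part of the original post, showing the two pieces the question is about in script form: generating the raw-table CT zone rules for an interface (the same rules as the manual commands above, which could be emitted from a Shorewall extension script such as /etc/shorewall/started) and checking which conntrack entries actually carry a given zone= field. The sample nf_conntrack dump is constructed from the entry in the post plus one made-up zone-0 TCP entry; interface names and zone ids are assumptions.

```sh
#!/bin/sh
# Added example: emit CT zone rules and filter conntrack entries by zone.

# ct_zone_rules INTERFACE ZONE_ID
# Prints the two raw-table rules that tag new connections seen on INTERFACE
# (inbound in PREROUTING, locally generated in OUTPUT) with the given
# conntrack zone, in the same form as the manually added rules in the post.
ct_zone_rules() {
    ifc=$1; zone=$2
    printf 'iptables -t raw -A PREROUTING -i %s -j CT --zone %s\n' "$ifc" "$zone"
    printf 'iptables -t raw -A OUTPUT -o %s -j CT --zone %s\n' "$ifc" "$zone"
}

# conntrack_in_zone ZONE_ID [FILE]
# Reads an nf_conntrack dump (default /proc/net/nf_conntrack) and prints only
# the entries whose zone= field equals ZONE_ID. Entries without a zone= field
# live in the default zone 0, so they are reported only when ZONE_ID is 0.
conntrack_in_zone() {
    zone=$1; file=${2:-/proc/net/nf_conntrack}
    awk -v want="$zone" '
        {
            z = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^zone=/) { split($i, kv, "="); z = kv[2] }
            if (z == want) print
        }' "$file"
}

# Constructed sample dump: the ICMP entry from the post (zone 1) and a
# made-up zone-0 TCP entry that has no zone= field at all.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
ipv4     2 icmp     1 29 src=192.168.55.1 dst=192.168.103.1 type=8 code=0 id=4391 src=192.168.103.1 dst=192.168.103.2 type=0 code=0 id=4391 mark=0 zone=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.55.2 dst=10.0.0.5 sport=44321 dport=443 src=10.0.0.5 dst=192.168.55.2 sport=443 dport=44321 [ASSURED] mark=0
EOF

# Helpers returning the number of entries per zone in the sample dump.
zone1_count() { conntrack_in_zone 1 "$SAMPLE" | wc -l | tr -d ' '; }
zone0_count() { conntrack_in_zone 0 "$SAMPLE" | wc -l | tr -d ' '; }

# Usage: print the rules for eth3 in zone 1, then the zone-1 entries.
ct_zone_rules eth3 1
conntrack_in_zone 1 "$SAMPLE"
```

Because the CT target only acts on the first packet of a flow, a zone assignment applies to connections created after the rule is loaded; existing entries keep whatever zone they were created in, which is why checking the dump rather than the rule table is the reliable way to confirm the zone took effect.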
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users