Hi,

I use shorewall 5.0.15.6 on my router running Debian 9. I have several interfaces which I don't use directly for IP traffic but rather as "parents" for other interfaces such as VLANs, for example. I wonder how to properly configure them, since I don't want any traffic to pass these interfaces unaccounted for.

Example: My external connection is a PPPoE connection, so my external interface is "ppp0". Since it's a VDSL line, the PPPoE traffic has to be tagged with a specific VLAN ID. Hence ppp0 sits on top of interface "eth0.7", which in turn sits on top of interface "eth0". eth0 and eth0.7 don't get IP addresses (except for the link-local IPv6 addresses fe80:.* which are automatically assigned) and should not accept or send any IP traffic.

My current setup is that I put my "unused" parent interfaces in a zone "raw" in /etc/shorewall{6,}/interfaces. But I don't set any policy for the zone raw in /etc/shorewall{6,}/policy. I'm assuming this way the last policy "all all REJECT" applies to these interfaces.

But I'm wondering: Does this approach make sense? Is there a better way to deal with such interfaces? Or is it even necessary to mention these interfaces in the shorewall configuration (or in other terms, what happens to additional interfaces that are not mentioned in the shorewall configuration)?

Thanks!

Kind regards,
Timo