
[alpine-user] Awall Duplicate Interface Name Dropped

From: Williams, Gareth <gareth_at_garethwilliams.me.uk>
Date: Thu, 10 May 2018 14:48:22 +0100

Hi,

If I create an Awall zone "Usr" with eth1+ as the interface definition,
awall drops any filters that contain "Usr" as both In and Out. They simply
don't show up in iptables -Lv.

If eth1 resolves to just eth1 then this makes sense as any eth1 traffic
wouldn't need to traverse a router to get to any other eth1 device.
However, if I have VLANs as eth1.2, eth1.3 etc. I'd expect traffic between
them to be routed and to traverse the firewall.

A manually generated rule such as:

iptables -A FORWARD -p tcp -i eth1+ -o eth1+ --dport 123 -j ACCEPT

shows up in iptables -Lv therefore this isn't an iptables issue.

As a workaround, I could list all the VLAN interfaces in the zone
definition:

"Usr": {"iface": ["eth1.2", "eth1.3", "eth1.4", "eth1.5"]},

but this will create an exponentially increasing number of iptables rules.

Is this a bug in awall, or have I missed something?

Thanks in advance,

Gareth
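As an added illustration (not awall's own code and not from the poster), the following Python models how the workaround zone with an explicit VLAN interface list expands a single Usr-to-Usr filter into one FORWARD rule per ingress/egress interface pair; the zone, filter and port 123 are constructed from the message above, and the inline "service" object is an assumed shape for the example.

```python
"""Model the per-interface-pair rule expansion of an awall-style
zone-to-zone filter. Added illustration only; this is not awall's code."""
from itertools import product

# Constructed sample, mirroring the workaround zone from the post.
ZONES = {"Usr": {"iface": ["eth1.2", "eth1.3", "eth1.4", "eth1.5"]}}

# A single awall-style filter: Usr -> Usr, TCP port 123, accept.
# The inline service object is an assumption made for this example.
FILTER = {
    "in": "Usr",
    "out": "Usr",
    "service": {"proto": "tcp", "port": 123},
    "action": "accept",
}


def expand_rules(zones, flt, skip_same_iface=True):
    """Return the iptables FORWARD rules the filter expands to.

    One rule is produced per (ingress, egress) interface pair. With
    skip_same_iface=True, pairs where ingress == egress are dropped, on
    the reasoning in the post that traffic staying on one interface is
    not routed and so never traverses the FORWARD chain.
    """
    in_ifaces = zones[flt["in"]]["iface"]
    out_ifaces = zones[flt["out"]]["iface"]
    svc = flt["service"]
    target = flt["action"].upper()
    rules = []
    for i, o in product(in_ifaces, out_ifaces):
        if skip_same_iface and i == o:
            continue
        rules.append(
            f"iptables -A FORWARD -p {svc['proto']} -i {i} -o {o} "
            f"--dport {svc['port']} -j {target}"
        )
    return rules


def rule_count(n_ifaces, skip_same_iface=True):
    """Rules one zone-to-zone filter yields for an n-interface zone."""
    return n_ifaces * (n_ifaces - 1) if skip_same_iface else n_ifaces ** 2


if __name__ == "__main__":
    for rule in expand_rules(ZONES, FILTER):
        print(rule)
    print(rule_count(4), rule_count(8), rule_count(16))
```

Running it prints the twelve inter-VLAN rules the four-interface zone needs for this one filter, and the counts for larger zones show how quickly an explicit interface list grows the rule set.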



Received on Thu May 10 2018 - 14:48:22 GMT