
[alpine-user] Awall Duplicate Interface Name Dropped

From: Williams, Gareth <>
Date: Thu, 10 May 2018 14:48:22 +0100


If I create an Awall zone "Usr" with eth1+ as the interface definition,
awall drops any filters that contain "Usr" as both In and Out. They simply
don't show up in iptables -Lv.

If eth1 resolves to just eth1 then this makes sense as any eth1 traffic
wouldn't need to traverse a router to get to any other eth1 device.
However, if I have VLANs as eth1.2, eth1.3 etc. I'd expect traffic between
them to be routed and to traverse the firewall.

A manually generated rule such as:

iptables -A FORWARD -p tcp -i eth1+ -o eth1+ --dport 123 -j ACCEPT

shows up in iptables -Lv therefore this isn't an iptables issue.

As a workaround, I could list all the VLAN interfaces in the zone

"Usr": {"iface": ["eth1.2", "eth1.3", "eth1.4", "eth1.5"]},

but this will create an exponentially increasing number of iptables rules.

Is this a bug in awall, or have I missed something?

Thanks in advance,


Received on Thu May 10 2018 - 14:48:22 UTC
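
An added example, not part of the original message or the thread: awall's README documents an optional zone attribute, route-back, which tells awall to generate rules whose ingress and egress interface are identical, something it skips by default. The policy below keeps the eth1+ wildcard zone from the message and expresses the manual TCP port 123 rule as a filter; the service name usr-tcp-123 and the description text are constructed, and the behaviour has not been checked against the poster's awall version.

```json
{
  "description": "Constructed example: wildcard zone Usr allowed to route back to itself",
  "zone": {
    "Usr": { "iface": "eth1+", "route-back": true }
  },
  "service": {
    "usr-tcp-123": { "proto": "tcp", "port": 123 }
  },
  "filter": [
    { "in": "Usr", "out": "Usr", "service": "usr-tcp-123", "action": "accept" }
  ]
}
```

In iptables a trailing + matches every interface whose name begins with the given prefix, so eth1+ covers eth1.2 and eth1.3 but also names such as eth10; check the rules that awall actually generates before relying on the zone boundary.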