Hi,
If I create an Awall zone "Usr" with eth1+ as the interface definition,
awall drops any filters that contain "Usr" as both In and Out. They simply
don't show up in iptables -Lv.
If eth1 resolves to just eth1 then this makes sense as any eth1 traffic
wouldn't need to traverse a router to get to any other eth1 device.
However, if I have VLANs as eth1.2, eth1.3 etc. I'd expect traffic between
them to be routed and to traverse the firewall.
A manually generated rule such as:
iptables -A FORWARD -p tcp -i eth1+ -o eth1+ --dport 123 -j ACCEPT
shows up in iptables -Lv therefore this isn't an iptables issue.
As a workaround, I could list all the VLAN interfaces in the zone
definition:
"Usr": {"iface": ["eth1.2", "eth1.3", "eth1.4", "eth1.5"]},
but this will create an exponentially increasing number of iptables rules.
Is this a bug in awall, or have I missed something?
Thanks in advance,
Gareth
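As an added example (not part of Gareth's post and not awall's own code), the check below parses `iptables -S FORWARD` output and lists the rules whose input and output interfaces both fall inside a zone's interface patterns, so one can confirm whether intra-zone FORWARD rules were actually generated; it relies on iptables treating a trailing `+` as a prefix wildcard, and the sample output is constructed.

```python
import re

# Constructed sample of `iptables -S FORWARD` output (not captured from a real
# host): the manually added rule from the post plus two unrelated rules.
SAMPLE_FORWARD = """\
-P FORWARD DROP
-A FORWARD -i eth0 -o eth1+ -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1+ -o eth0 -j ACCEPT
-A FORWARD -i eth1+ -o eth1+ -p tcp -m tcp --dport 123 -j ACCEPT
"""

def iface_matches(pattern, iface):
    """iptables interface matching: a trailing '+' is a prefix wildcard."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return iface == pattern

def parse_forward_rules(text):
    """Parse `-A FORWARD` lines into dicts with in/out interface and target."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A FORWARD"):
            continue
        in_if = re.search(r"(?<!\S)-i (\S+)", line)
        out_if = re.search(r"(?<!\S)-o (\S+)", line)
        target = re.search(r"(?<!\S)-j (\S+)", line)
        rules.append({
            "in": in_if.group(1) if in_if else None,
            "out": out_if.group(1) if out_if else None,
            "target": target.group(1) if target else None,
            "raw": line,
        })
    return rules

def intra_zone_rules(rules, zone_ifaces):
    """Return rules whose -i and -o both match one of the zone's interface
    patterns, i.e. the traffic awall would treat as staying inside the zone.
    zone_ifaces is the awall 'iface' list, e.g. ["eth1+"] or ["eth1.2", "eth1.3"].
    """
    def in_zone(iface):
        return iface is not None and any(iface_matches(p, iface) for p in zone_ifaces)
    return [r for r in rules if in_zone(r["in"]) and in_zone(r["out"])]

if __name__ == "__main__":
    # An empty result here means no intra-zone FORWARD rule reached iptables.
    for r in intra_zone_rules(parse_forward_rules(SAMPLE_FORWARD), ["eth1+"]):
        print(r["raw"])
```

Run it against the live output of `iptables -S FORWARD` (as root) instead of the sample to check a real awall-generated ruleset.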