[Shorewall-users] IPSec question

Tom Eastep teastep at shorewall.net
Tue, 24 Sep 2002 09:20:01 -0700

Tom Eastep wrote:

> Yes -- to start with, it appears that isn't in any zone 
> that you have defined (see the first bullet under "Other Gotchas" on the 
> Troubleshooting page). I would make it its own zone associated with eth1 
> (so eth1 is a multi-zone interface) then you can have a policy of ACCEPT 
> between the new zone and your local one.

And that ACCEPT policy would presumably apply in both directions...

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
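
An added example, not part of the original message: the layout described above as Shorewall configuration files, with eth1 as a multi-zone interface and the ACCEPT policy written once per direction, because each policy entry covers only its source-to-destination direction. The zone names (`loc`, `rem`), the `net`/`eth0` entries and the documentation subnets are assumptions; the thread does not give them.

```conf
# Constructed example. Zone names, eth0 and all subnets are assumptions,
# not values taken from the thread.

# /etc/shorewall/zones
#ZONE   DISPLAY     COMMENTS
net     Net         Internet
loc     Local       Local network
rem     Remote      Hosts that were not in any zone (hypothetical name)

# /etc/shorewall/interfaces
# A "-" in the ZONE column marks eth1 as a multi-zone interface;
# its zones are then defined in the hosts file.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
-       eth1        detect

# /etc/shorewall/hosts
# Each zone reached through eth1 is bound to its own subnet.
#ZONE   HOST(S)                 OPTIONS
loc     eth1:192.0.2.0/25
rem     eth1:192.0.2.128/25

# /etc/shorewall/policy
# One entry per direction between the new zone and the local one.
#SOURCE DEST    POLICY  LOG LEVEL
loc     rem     ACCEPT
rem     loc     ACCEPT
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
```

Running `shorewall check` before restarting validates the edited files.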