[Shorewall-users] more than 3 interfaces

Jack Coates jack at monkeynoodle.org
Tue Jun 29 15:47:11 PDT 2004


> Tom Eastep wrote:
>
>> Although more zones are only needed/recommended if you have need for
>> firewalling between the similar interfaces (e.g., between dmz1 and
>> dmz2); otherwise, just assign both eth4 and eth5 to a single dmz zone.
>
> Why? Is there some advantage to using two or three NICs for a single zone?
>

not really -- just if you've got several physical segments that should all
have the same policy, you can define that policy for one zone instead of
repeating it across several zones (not to mention inter-zone policy).
-- 
Jack At Monkeynoodle.Org:  It's A Scientific Venture...
"Every gun that is made, every warship launched, every rocket fired,
signifies in the final sense a theft from those who hunger and are not
fed, those who are cold and are not clothed." -- President Dwight D.
Eisenhower, April 16, 1953
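
Added example, not part of the original message or of the Shorewall project's own files: the two layouts discussed in this thread, written as Shorewall configuration fragments. The interface names eth4 and eth5 come from the quoted message; the net/loc zones, eth0/eth1, the policies shown, and the Shorewall 2.0-era column layout are assumptions made for illustration.

```conf
# --- Option A: one dmz zone spanning both NICs (constructed example) ---
# /etc/shorewall/zones
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local network
dmz     DMZ       Both DMZ segments

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
dmz     eth4        detect
dmz     eth5        detect

# /etc/shorewall/policy -- each dmz row covers both physical segments.
# As the quoted message notes, this layout gives no firewalling
# between eth4 and eth5.
#SOURCE  DEST  POLICY  LOG LEVEL
loc      dmz   ACCEPT
dmz      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info

# --- Option B: separate zones, only if dmz1 <-> dmz2 must be filtered ---
# /etc/shorewall/zones (replaces the single dmz row)
dmz1    DMZ1      First DMZ segment
dmz2    DMZ2      Second DMZ segment

# /etc/shorewall/interfaces (replaces the two dmz rows)
dmz1    eth4        detect
dmz2    eth5        detect

# /etc/shorewall/policy -- every dmz row is now repeated per zone,
# and the inter-zone policy has to be stated as well.
loc      dmz1  ACCEPT
loc      dmz2  ACCEPT
dmz1     net   ACCEPT
dmz2     net   ACCEPT
dmz1     dmz2  REJECT  info
dmz2     dmz1  REJECT  info
```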

