forked from extern/shorewall_code
Add some info about mis-using Vserver zones
parent
82913abeca
commit
a7dd95d394
@ -338,5 +338,15 @@ loc2 eth1:192.168.20.0/24</programlisting>
|
||||
Interface</emphasis></ulink>.</para>
|
||||
</example>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Defining a Zone-per-Address</title>
|
||||
|
||||
<para><ulink url="Vserver.html">Shorewall's support for Linux
|
||||
Vservers</ulink> can (miss-)used to create a separate zone per alias.
|
||||
Note that this results in a <emphasis>partitioning of the firewall
|
||||
zone</emphasis>. Be sure that you define an ACCEPT policy between your
|
||||
vserver zones and $FW.</para>
|
||||
</section>
|
||||
</section>
|
||||
</article>
|
||||
|
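Review bot: In the new paragraph of the "Defining a Zone-per-Address" section, "can (miss-)used" is missing its verb and misspells the prefix; it should read "can be (mis-)used", matching the commit message. The closing advice to define an ACCEPT policy between the vserver zones and $FW also leaves the direction open: state whether the policy is needed from each vserver zone to $FW, from $FW to each zone, or both, and consider adding a short programlisting of the policy entries in the style already used in this file, since a reader who partitions the firewall zone and omits them is left with whatever the default policy does to that traffic.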
@ -65,6 +65,11 @@
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Note that you don't need to run Vservers to use vserver zones; they
|
||||
may also be used to create a firewall sub-zone for each <ulink
|
||||
url="Shorewall_and_Aliased_Interfaces.html">aliased
|
||||
interface</ulink>.</para>
|
||||
|
||||
<para>If you use these zones, keep in mind that Linux-vserver implements a
|
||||
very weak form of network virtualization:</para>
|
||||
|
||||
|
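Review bot: The ulink in the added paragraph points at Shorewall_and_Aliased_Interfaces.html as a whole, not at the "Defining a Zone-per-Address" section this same commit adds there; that section is added without an id attribute, so give it one and link to it directly. Wording also differs between the two files ("firewall sub-zone" here, "separate zone per alias" and "partitioning of the firewall zone" there), and with this paragraph inserted, "these zones" in the following context line no longer has an unambiguous antecedent; using one term in both places and spelling out "vserver zones" in the next sentence would fix both.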