Re: Re: Use of Zones for routing
> As far as I remember, IPFilter doesn't support virtual networkDoes IP Filter support the ability to firewall based on IP address? If
> interfaces, which is what zones appear to use. This may have changed
> with the 4.x versions of IPFilter that Sexpress use.
that's the case, then you should be able to configure IP Filter from
*within* the global zone for a particular zone(s).
What IP Filter definitely won't allow at the moment is filtering the
traffic that takes place on the loopback "device" which is what's used
for inter-zone communication. That means that you cannot set up a
firewall between zones on the same system but you should be able to set
up firewalls between the outside world and a particular zone by setting
it up from within the global zone.