* Miguel Albuquerque;
In the option FW_ALLOW_CLASS_ROUTING="yes" --> virtual interfaces are included or not? (eth0:2 i.e. and so on...). If yes, I won't need to declare them in FW_DEV_INT, correct? And if yes, what does it implies in the security and performance scope?
As far as I understand virtual interfaces are also included. FW_ALLOW_CLASS_ROUTING basicly enables the network segments that you define in FW_DEV_INT or FW_DEV_DMZ to communicate without the need to create FW_FORWARD rules. So I would say it would increase the performance. Do not forget that when you have virtual interfaces you are actually still using the limints of your one NIC so performance wise it should be less compared to two separate NIC's -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx