bridge on debian with shorewall

man bridge-utils-interfaces

bridge config
/etc/network/interfaces

iface br0 inet static
    bridge_ports eth1 tap0
    address 10.10.10.10
    netmask 255.0.0.0

routeback option for br0
/etc/shorewall/interfaces

#ZONE   INTERFACE       BROADCAST       OPTIONS
loc     br0            detect          routeback

User tags

parallel search pacemaker conntrack ipmi slab vlan munin iops SYN proxy hotplug nfs4 dpkg opcontrol nvidia APU 3Ware dns rtl8723be jackd git qemu arping rsync tin dhclient pam video etch kernel tar MODx rtsp lubuntu cluster gdb core dump java dovecot mdadm Areca backtrace taskset sftp su bug deb ulimit DRBD freedos iowait oprofile mysql sysrq exim cfq ansible pulseaudio pvmove iostat encrypt boot ssh language top keyboard initrd CPAN sg security erase routing tun Salt fio scsi tiger groups SuperMicro cpanm sysfs cache OpenStack apt ps graylog2 gpg NFS youtube exim4 elliptics mount shellshock limit_conn dstat alien soa lenny asoundrc ubuntu squeeze virtualbox ddos sysctl.conf nginx ha xfs dhcp idmapd Adaptec build profiling netfilter arp wordpress HDFS perl numa mkfs bscan AMD rpm glxinfo virt-install route raid tool LVM X forwarding virsh perlbrew opreport alsa gre debootstrap corosync /etc/network/interfaces MegaRAID debian swap xen bonding SpamAssassin RT bash lstat ip PTR find zRam CentOS PXE bind fail2ban docker sublime quagga lxc KVM bridge usb regex raid5 puppet backup xargs shorewall xhost mariadb ipmitool arch cpu usage chromium HTTPS radeon php sysctl storage Swift sysresccd vrrp iSCSI OpenSSL in-addr.arpa fido7 tzdata gtk rkhunter apache equalizer hdparm .htaccess vtysh replication vim noop firefox chroot StorMan LSI htop centos 7 source grub newgrp ardour iptables flash wget cgroups glusterfs lts tftp SSD openvpn drupal qcow2 cpu performance docker-compose bacula leap second vrrpd