shorewall-devel December 2011 archive

Re: [Shorewall-devel] Shorewall 4.4.27 RC2 (with corrected patch)

From: Tom Eastep <teastep_at_nospam>
Date: Thu Dec 29 2011 - 21:18:40 GMT
To: shorewall-devel@lists.sourceforge.net

On Thu, 2011-12-29 at 20:12 +0000, Steven Jan Springl wrote:
> The patch fixes the above issues.
>
> However, if DEST contains fw and an IP address e.g.
>
> 1:130:F 10.1.1.0/24 fw:1.1.1.1
>
> the iptables error still occurs.
>
> My testing indicated that specifying a source of fw is valid for :F.
> Should Shorewall not allow this?

Steven,

No. Traffic that originates on the firewall does not traverse the
FORWARD chain. The reason that it was previously working for you is that
the compiler was silently substituting OUTPUT for FORWARD. Now it is
generating an error.

Thanks,

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
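
Added example, not part of the original message and not Shorewall's compiler code: a small check that contrasts the two behaviours described in the reply above, silently substituting the chain the traffic really traverses versus rejecting a :F entry that names the firewall. The three-column "MARK SOURCE DEST" layout, the zone names in FW_NAMES and all function names are assumptions made for illustration; the INPUT case for a firewall DEST follows netfilter's packet flow rather than anything stated in the message.

```python
# Illustration only. Assumed entry layout: "MARK SOURCE DEST".
FW_NAMES = ("fw", "$FW")  # assumed names for the firewall zone


def is_firewall(field):
    """True for 'fw' or 'fw:1.1.1.1' (zone, optionally followed by an address)."""
    return field.split(":", 1)[0] in FW_NAMES


def wants_forward(mark):
    """True when the MARK value ends in the ':F' chain designator, e.g. '1:130:F'."""
    return ":" in mark and mark.rsplit(":", 1)[-1] == "F"


def traversed_chain(source, dest):
    """Chain a packet passes through, per netfilter's packet flow."""
    if is_firewall(source):
        return "OUTPUT"   # locally generated traffic never reaches FORWARD
    if is_firewall(dest):
        return "INPUT"    # locally delivered traffic never reaches FORWARD
    return "FORWARD"


def resolve_chain(line, strict=True):
    """Return the chain for a ':F' entry.

    strict=False mimics the silent substitution described in the reply;
    strict=True rejects the entry instead, so the mistake is visible.
    """
    mark, source, dest = line.split()[:3]
    if not wants_forward(mark):
        raise ValueError(f"{line!r}: no :F designator to check")
    actual = traversed_chain(source, dest)
    if actual != "FORWARD" and strict:
        raise ValueError(
            f"{line!r}: :F requests FORWARD, but this traffic traverses {actual}"
        )
    return actual


if __name__ == "__main__":
    # Constructed sample entries; the last one is the line quoted in the thread.
    for entry in ("1:130:F 10.1.1.0/24 10.2.2.0/24",
                  "1:130:F fw 10.1.1.0/24",
                  "1:130:F 10.1.1.0/24 fw:1.1.1.1"):
        try:
            print(entry, "->", resolve_chain(entry))
        except ValueError as err:
            print("ERROR:", err)
```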
