shorewall-devel December 2011 archive
Main Archive Page > Month Archives  > shorewall-devel archives
shorewall-devel: Re: [Shorewall-devel] Shorewall 4.4.27 RC2 (wit

Re: [Shorewall-devel] Shorewall 4.4.27 RC2 (with corrected patch)

From: Tom Eastep <teastep_at_nospam>
Date: Fri Dec 30 2011 - 15:23:59 GMT

On Thu, 2011-12-29 at 13:18 -0800, Tom Eastep wrote:
> On Thu, 2011-12-29 at 20:12 +0000, Steven Jan Springl wrote:
> > The patch fixes the above issues.
> >
> > However, if DEST contains fw and an IP address e.g.
> >
> > 1:130:F fw:
> >
> > the iptables error still occurs.
> >
> > My testing indicated that specifying a source of fw is valid for :F.
> > Should Shorewall not allow this?
> Steven,
> No. Traffic that originates on the firewall does not traverse the
> FORWARD chain. The reason that it was previously working for you is that
> the compiler was silently substituting OUTPUT for FORWARD. Now it is
> generating an error.

I believe that this patch catches all cases that should not be

Thanks, Steven

-- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car \________________________________________________

Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free!

Shorewall-devel mailing list