Mike Jagdis wrote:

>> 2) It seems that the IP addresses are demasqueraded for the queue log
>> purpose, but not for firewall rules check purpose:
>> - I use
>> ignore any ip.saddr=10.0.0.10
>
>That was intentional at the time. Do you really need to have filter
>rules match on the demasq'd address?

Yes, I have some people that I don't want to waste online time.

I put their ip-addresses in "ignore" lines, so that they can use the
link as long as other people bring and keep it up, but they should not
be allowed to bring or keep the link up. Or maybe I allow them to keep
the link up, but with a shorter time to live.

If I recall correctly, it worked this way in previous diald versions (maybe
with 0.98.x and 2.0.x Linux kernels), which is why I called this behavior
a "problem".

If source/dest addresses have ports in the masq range, I think that it
should not be a problem to demasq them for firewall checking purposes
too. What is the reason for not demasqing them?

Thanks.

-- 
[EMAIL PROTECTED]
