Tom,

I have just been doing some testing of NOTRACK and have come across a discrepancy. The NOTRACK manual page states that only addresses are allowed in the DESTINATION column, while two shorewall compiler messages suggest that an interface is also allowed. Additionally, Shorewall allows an interface to be coded, but then generates an invalid iptables rule.
E.g., coding:

    lan:eth0 zzz

produces the message:

    ERROR: Unknown interface (zzz) ....

If I code both an interface and an IP address:

    lan:eth0 eth0:1.2.3.4

this produces the message:

    ERROR: DEST interface may not be specified with a destination IP address in the PREROUTING chain ...

If I then code a valid interface:

    lan:eth0 eth0

the following invalid rule is generated:

    -A lan_notrk -i eth0 -d ETH0_NETWORKS -j NOTRACK

Steven.

_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
