> Look at the first rule again. Apparently, there is an optional interface
> that is not currently up so Shorewall uses an unmatchable address
> (0.0.0.0) in that case.
>
I have also looked at one of my other machines (running 19.3 though) and
in there I see exactly the same situation:
Chain smurfs (6 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN all -- * * 0.0.0.0
0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0
0.0.0.0/0 [goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4
0.0.0.0/0 [goto]
That system has 4 interfaces and they are all UP and RUNNING. To me, the
2nd and last statements will never execute - at all!
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
