On Thursday 29 Dec 2011 16:05:18 Tom Eastep wrote: > On Wed, 2011-12-28 at 22:46 +0000, Steven Jan Springl wrote: > > I have done some further testing of ':P' and ':F' and have found that: > > > > ':F' produces an iptables error if DEST is fw. > > > > ':P' produces an iptables error if DEST is fw. > > > > ':P' produces an iptables error if SOURCE is not fw. > > Steven, > > This patch eliminates ':P' and complains if :F is used when the SOURCE > or DEST is $FW. > > Thanks, > -Tom
Tom The patch fixes the above issues. However, if DEST contains fw and an IP address e.g. 1:130:F 10.1.1.0/24 fw:1.1.1.1 the iptables error still occurs. My testing indicated that specifying a source of fw is valid for :F. Should Shorewall not allow this? Steven. ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
