On Thu, 2011-12-29 at 20:12 +0000, Steven Jan Springl wrote:
> The patch fixes the above issues.
>
> However, if DEST contains fw and an IP address e.g.
>
> 1:130:F 10.1.1.0/24 fw:1.1.1.1
>
> the iptables error still occurs.
>
> My testing indicated that specifying a source of fw is valid for :F.
> Should Shorewall not allow this?

Steven,

No. Traffic that originates on the firewall does not traverse the FORWARD chain. The reason that it was previously working for you is that the compiler was silently substituting OUTPUT for FORWARD. Now it is generating an error.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
