On Friday 30 Dec 2011 15:23:59 Tom Eastep wrote: > On Thu, 2011-12-29 at 13:18 -0800, Tom Eastep wrote: > > On Thu, 2011-12-29 at 20:12 +0000, Steven Jan Springl wrote: > > > The patch fixes the above issues. > > > > > > However, if DEST contains fw and an IP address e.g. > > > > > > 1:130:F 10.1.1.0/24 fw:1.1.1.1 > > > > > > the iptables error still occurs. > > > > > > My testing indicated that specifying a source of fw is valid for :F. > > > Should Shorewall not allow this? > > > > Steven, > > > > No. Traffic that originates on the firewall does not traverse the > > FORWARD chain. The reason that it was previously working for you is that > > the compiler was silently substituting OUTPUT for FORWARD. Now it is > > generating an error. > > I believe that this patch catches all cases that should not be > supported. > > Thanks, Steven > > -Tom
Tom Confirmed, the patch fixes the issue. I have completed my testing. Thanks. Steven. ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
