>>> 6. Shorewall(-lite): The following could be optimised: >>> >>> interfaces ~~~~~~~~~~ vpn eth1 >>> arp_filter=1,arp_ignore=2,logmartians=1,nets=10.1.1.0/24,nosmurfs,routefilter=1,tcpflags >>> >>> >>> red eth2 >>> arp_filter=1,arp_ignore=2,logmartians=1,nosmurfs,routefilter=1,tcpflags >>> >>> Produces: >>> >>> -A vpn2net -s 10.1.1.0/24 -m conntrack --ctstate NEW,INVALID -j >>> smurfs -A vpn2net -m conntrack --ctstate NEW,INVALID -j smurfs [...] >>> -A vpn2net -p tcp -s 10.1.1.0/24 -j tcpflags -A vpn2net -p tcp -j >>> tcpflags >>> >>> This could be optimised to just the second line in both statements >>> above (I have OPTIMIZE=15 in shorewall.conf) >> >> >> I'll see what I can do. > > Patch attached. Yep, that now works as expected.
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
