> A careful reading of the manpage reveals that a zone is required in the
> SOURCE column (and 'all' is appropriate for your use) while a zone is
> disallowed in the DESTINATION column (remember that the packet hasn't
> been routed yet so the destination zone is as yet unknown).
>
> Note: When a destination interface is specified, the generated script
> has to use the routing table to produce a list of destination networks,
> then generates one rule for each network.

All noted - I must have been half-asleep when testing this last night.

> The implementation of actions is heavily integrated with processing of
> the rules file and is not available in other files. That's one of the
> items on my wish list but it will require a large effort.

It would be nice to have it so that I could extend my logging to these tables with little effort, but if not, I'll revert to my old friend - "started".

> These messages are a result of Shorewall probing the system to determine
> what helpers are available.
>
> There are two ways to suppress them:
>
> - set LOAD_HELPERS_ONLY=Yes in shorewall.conf.

If I do that, according to the man pages, that won't load my other non-ct modules ("...restricts the set of modules loaded by shorewall to those listed in /var/lib/shorewall/helpers") which isn't what I want as I have various other modules (not ct-related) which need to be loaded and these are listed in the modules.* files.

> - generate a capabilities file (shorewall show -f capabilities >
> ${CONFDIR}/shorewall/capabilities), then edit the file to turn off
> HELPER_MATCH (set the variable to the empty value).

I don't want to do that either because when I upgrade shorewall, the chances of new capabilities existing in that version which won't be included in the existing "capabilities" file are pretty high and I am not about to run the update or regenerate all my capabilities file with every shorewall update. Besides, if that turns out to be the case, then I am going to have another shorewall message telling me that my capabilities file is out of date - lose-lose scenario!
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel