On 01/27/2013 03:54 PM, Tom Eastep wrote: >> For example, if I want my ESTABLISHED state to take precedence (by >> "precedence" I mean traverse the absolute minimum set of rules), I can't >> really control that. > > I think that the right thing to do there is to redefine FASTACCEPT to > only include ESTABLISHED state. Then FASTACCEPT=Yes puts the ESTABLISHED > accept rule very early. In fact, I should do that for this release > (given the recently discovered issues with RELATED).
I reviewed how FASTACCEPT works and I'm not sure I'll change it. If RELATED_DISPOSITION is anything but 'ACCEPT' or if RELATED_LOG_LEVEL is set, then only ESTABLISHED packets are accepted early. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
