>> Good! I presume the outcome would be the same if I "duplicate" other
>> parts of the iptables statement (source port, user id and so on), correct?
>>     
>
> For those that can't be duplicated, yes. But I wouldn't guarantee that the
> logic there is perfect, because it was created to catch screwups in
> Shorewall's rule generation and not user-supplied input. I'm sure that
> there will be cases where Shorewall will be silent but iptables will
> complain.
>   
No problem, nobody expects that to be, particularly given the "raw" 
nature of the INLINE statement.

As I said before, my thinking is that if INLINE is used, then in such 
a case the responsibility lies solely on the user not to make any 
screw-ups. In such a scenario, all bets are off so to speak, so anything 
that Shorewall checks and indicates as a possible error is a bonus really.

When I test this, I'll just highlight potential omissions (of possible 
checks), but nothing more.

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
