On 05/04/2013 05:21 PM, Dash Four wrote: >> >> What are the semantics associated with oif? Given that ip rules are >> applied before routing, the output interface has not yet been determined. >> > Well, isn't the order Local machine -> Routing Decision -> OUTPUT (raw, > mangle, nat, filter) -> POSTROUTING (mangle, nat) -> Local traffic? > > I am successfully matching traffic using the "oif" parameter, so it must > be working. Besides, the iproute2 guys won't put this option there if it > doesn't make sense.
My point is that I'm not going to add a feature to Shorewall that I can't document the behavior of. Especially something involving iproute2 which is essentially undocumented. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
