On 05/04/2013 06:53 PM, Dash Four wrote: > > > Tom Eastep wrote: >> On 05/04/2013 05:21 PM, Dash Four wrote: >> >> >>>> What are the semantics associated with oif? Given that ip rules are >>>> applied before routing, the output interface has not yet been determined. >>>> >>>> >>> Well, isn't the order Local machine -> Routing Decision -> OUTPUT (raw, >>> mangle, nat, filter) -> POSTROUTING (mangle, nat) -> Local traffic? >>> >>> I am successfully matching traffic using the "oif" parameter, so it must >>> be working. Besides, the iproute2 guys won't put this option there if it >>> doesn't make sense. >>> >> >> My point is that I'm not going to add a feature to Shorewall that I >> can't document the behavior of. Especially something involving iproute2 >> which is essentially undocumented. >> > So you think this "oif" option doesn't make sense then?
It doesn't make sense to add it to Shorewall unless we can tell people why and now to use it. I suspect that it might be useful for handling packets that are rerouted due to actions in the nat or mangle OUTPUT chains if, in fact, it simply matches packets that have previously been routed out of the named interface. But that's only a guess on my part. Also, detection of capabilities in 'ip' is currently not implemented. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
