On 5/11/13 6:11 PM, "Tom Eastep" <[email protected]> wrote:
>On 5/11/13 5:51 PM, "Tom Eastep" <[email protected]> wrote: > >>On 5/11/13 4:25 PM, "Dash Four" <[email protected]> wrote: >> >>>What I have as part of my configuration on one of the servers is a local >>>zone defined for the loopback interface, which has 5 ip addresses >>>(127.0.0.1-127.0.0.5). I see that shorewall has generated local2* >>>sub-chains in my local_frwd chain, as well as *2local for all other >>>zones, but these will *never* match any traffic. >>> >>>Is there a way this could be optimised away, perhaps with using a new >>>option for the interface ('local' maybe), indicating that this zone is >>>local and instruct shorewall not to attempt to generate all these >>>non-sensical sub-chains? >> >>You can make them 'server' zones. > >'vserver' -- those are sub-zones of $FW Or, you can use NONE policies to suppress the chains that make no sense. -Tom You do not need a parachute to skydive. You only need a parachute to skydive twice. ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
