On 05/12/2013 09:18 AM, Dash Four wrote: > > Tom Eastep wrote: >> On 05/12/2013 08:52 AM, Tom Eastep wrote: >> >>> Patch attached. It has uncovered an optimizer bug that is leaving a few >>> unreferenced chains behind; I'll chase that today. >>> >> >> This patch seems to correct the optimizer. >> > Is that for the extra ACCEPT rule for 'lo' or something else?
It is for extra chains left behind. No traffic can come from the loopback device that hasn't already been sent out of it. As a consequence, filtering in the INPUT chain is superfluous and any 'local -> fw' rules will be optimized away with the patch I sent earlier. All that will be left is the ACCEPT rule. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
