Tom Eastep wrote: > On 05/14/2013 09:29 AM, Tom Eastep wrote: > >> On 05/13/2013 04:49 PM, Tom Eastep wrote: >> >> >>> Actually, the rule is generated but then optimized away. So the warning >>> will need to be issued when the 'local2fw' chain contains rules but, we >>> don't generate any jumps to it. >>> >>> >> The attached patch predicts when a rule will be optimized away because >> of 'destonly' and issues a warning when the rule is processed. >> > > This patchlet restores the INPUT ACCEPT rule for the loopback interface > when a local zone has the 'destonly' option. > Yep, that seems to work now. Similarly, when I have "local" and then proceed to create something like "ACCEPT net local tcp 8080" I don't get a warning there either.
------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
