Wildcard lines in the interfaces file appear incompatible with the routefilter option:

    afl     eth2.+     detect     dhcp,routefilter

Gives this in the compiled script:

    if [ -f /proc/sys/net/ipv4/conf/eth2.+/rp_filter ]; then
        echo 1 > /proc/sys/net/ipv4/conf/eth2.+/rp_filter
    else

Which will fail, obviously.

Also, the behaviour of the ROUTE_FILTER option is decidedly strange: setting ROUTE_FILTER to 'yes' disables rp_filter on all interfaces that don't have the routefilter option set in the interfaces file. This is particularly annoying when combined with the above problem.

And I'm pretty sure that this is wrong:

    for f in /proc/sys/net/ipv4/conf/*; do
        [ -f \$f/log_martians ] && echo 0 > \$f/rp_filter
    done

That should probably say 'rp_filter' and not 'log_martians'.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
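
One way to handle the two points raised in the message above, as an added example that is not Shorewall's code and not part of the original post: expand a trailing "+" into a prefix match over the per-interface directories before touching rp_filter, and test for the same file that is then written. CONF_ROOT and both function names are hypothetical, and "+" is assumed to mean "any interface whose name begins with this prefix".

```shell
#!/bin/sh
# Added example, not Shorewall code.
# CONF_ROOT is a hypothetical override so the functions can be pointed at a
# scratch directory instead of the live /proc tree.
CONF_ROOT=${CONF_ROOT:-/proc/sys/net/ipv4/conf}

# set_rp_filter VALUE NAME
# NAME is an interface name from the interfaces file. A trailing "+" is
# treated as a wildcard (assumption: prefix match), so "eth2.+" covers
# eth2.10, eth2.20 and so on. Prints how many interfaces were updated.
set_rp_filter() {
    value=$1
    name=$2
    count=0
    case $name in
        *+) pattern="${name%+}*" ;;   # eth2.+  ->  eth2.*
        *)  pattern=$name ;;
    esac
    # $pattern is left unquoted on purpose so the shell expands the glob.
    for dir in "$CONF_ROOT"/$pattern; do
        # Skips the unexpanded literal when nothing matches, and any
        # directory that has no rp_filter entry.
        [ -f "$dir/rp_filter" ] || continue
        echo "$value" > "$dir/rp_filter"
        count=$((count + 1))
    done
    echo "$count"
}

# reset_rp_filter
# Clears rp_filter everywhere, checking for the file that is actually
# written rather than for log_martians.
reset_rp_filter() {
    for dir in "$CONF_ROOT"/*; do
        if [ -f "$dir/rp_filter" ]; then
            echo 0 > "$dir/rp_filter"
        fi
    done
    return 0
}
```

A count of 0 from set_rp_filter means no matching interface existed at the time of the call, which is the case a wildcard entry has to tolerate when VLAN interfaces come up later.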