Brian J. Murrell wrote:
> On Wed, 2007-18-04 at 17:40 -0700, Tom Eastep wrote:
>> Brian J. Murrell wrote:
>>> On Wed, 2007-18-04 at 14:14 -0700, Tom Eastep wrote:
>>>> You're correct (It's been a while since I thought about why I did
>>>> HIGH_ROUTE_MARKS). So long as you don't try to use SAVE/RESTORE rules, you
>>>> should be ok. HIGH_ROUTE_MARKS provides a way to do SAVE/RESTORE safely
>>>> while still using 'track' (which also does SAVE/RESTORE).
>>> I think even SAVE/RESTORE could be used as long as they use masks and
>>> 'track'ing used netmasks as well, no?
>> No Brian. Shorewall generates RESTORES with mask 0xff.
>
> Yes, I realize it does currently. My proposition is to use a mask that
> masks off the high-order bits. Only 1 bit if two providers, 2 bits if 4
> or less, 3 if 7 or less, etc. Of course the trade-off is the more
> providers, the less bits you have to do other marking. But really, how
> many providers can one person have? :-)

I'm lost. What is the difference between that and what HIGH_ROUTE_MARKS=Yes does already (except for the width of the fields)? I believe that to do what you are proposing requires the same capabilities.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
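
The mask question discussed in the thread above, as an added example that is not part of the original messages or of Shorewall: a small Python model of masked connmark SAVE/RESTORE, comparing a shared 0xff mask with a partitioned mark. The field layout (provider in the top 2 bits of the low byte, 0xC0, and other marks in 0x3F), the sample mark values and all function names are assumptions made for illustration.

```python
# Added example: models masked copies between packet mark and connection mark.
# The field layout below is constructed for illustration, not Shorewall's own.
MARK_BITS = 0xFFFFFFFF


def save(ctmark, nfmark, mask):
    """SAVE: copy only the masked bits of the packet mark into the connmark."""
    return (ctmark & ~mask & MARK_BITS) | (nfmark & mask)


def restore(nfmark, ctmark, mask):
    """RESTORE: copy only the masked bits of the connmark into the packet mark."""
    return (nfmark & ~mask & MARK_BITS) | (ctmark & mask)


def second_packet_mark(provider_mark, class_mark, track_mask, user_mask):
    """Return the mark seen on the second packet of a connection.

    First packet: 'track' saves the provider mark, then a user rule writes
    its own mark and SAVEs it. Second packet: arrives unmarked and both
    RESTOREs run.
    """
    ct = save(0, provider_mark, track_mask)            # 'track' SAVE
    pkt = (provider_mark & ~user_mask & MARK_BITS) | class_mark
    ct = save(ct, pkt, user_mask)                      # user SAVE rule
    pkt2 = restore(0, ct, track_mask)                  # 'track' RESTORE
    return restore(pkt2, ct, user_mask)                # user RESTORE


def demo():
    # Shared field: provider 2 and class 5 both live under mask 0xff,
    # so the user SAVE overwrites what 'track' stored.
    shared = second_packet_mark(2, 5, 0xFF, 0xFF)
    # Partitioned field: provider 2 sits in bits 0xC0, class 5 in bits 0x3F.
    split = second_packet_mark(2 << 6, 5, 0xC0, 0x3F)
    return shared, split


if __name__ == "__main__":
    shared, split = demo()
    print(f"shared 0xff mask  -> mark {shared:#04x} (provider value lost)")
    print(f"partitioned masks -> mark {split:#04x} "
          f"(provider {(split & 0xC0) >> 6}, class {split & 0x3F})")
```
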
