Hi all, I want to create a shorewall config that routes all packets that would be dropped to a gateway on a separate interface. I try do it by modification of the DROP target to mark these packets with a INTERCEPT connmark (and ACCEPT them) and use a different routing table (std. policy routing) with a default route to the separate interface. The problem: I want to use the filter tables generated by shorewall to do the filtering, but the packets are already routed when they reach the filter tables. So I cannot route the first packet of a connection to this special interface, hence no real connection intercept is possible.
Any ideas for workarounds? greets, Roman ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
