Tom Eastep wrote: > DI Roman Fiedler wrote: > > >> Any ideas for workarounds? >> > > No. Shorewall does filtering in the 'filter' table which, as you have > noted, is traversed after the packets have been routed. > > -Tom > > Is there any way to push the packet back to the start? I noticed that there are some strange targets I do not fully understand (like MIRROR, NFQUEUE). The original packet could be dropped but an indentical copy would enter protocol stack again, so that the conntrack setups are already ok, all marks are correct so that prerouting would work as expected (make the first packet the second so that it will work).
Roman ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
