On Mon, Mar 24, 2008 at 11:09:55AM -0400, Brian J. Murrell wrote:
> But yes, I agree that
> policy routing and general firewalling are only very loosely related if
> at all and only by nature of the firewalling rules marking packets for
> policy routing.

The underlying problem is that Shorewall's basic design is that of a more or less optimal way to configure netfilter, and that's completely different from what a roughly optimal routing configuration package would look like. Trying to build either of them on top of the other is doomed to failure; you need two systems that sit side by side and don't interfere with each other.

It would be nice if somebody were to make something like Shorewall for routing. I'm almost as tired of writing routing tables by hand as I was of writing iptables scripts.

(And while you're at it, Linux's routing system could use some love; it appears to have been written by somebody who thought that IOS was a good example.)

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
