alex wrote:
Please, sorry, Tom but i agin want to talk about RFC1918. Now i use follow rule in 'rules' file:REJECT! all net:$RFC1918_NETS so as norfc1918 interface option don't work properly for me. I have questions about this situation. In what cases this option (norfc1918) would work effective? Are my config such unique? May be change its (norfc1918 option) realization so as it can satisfy all cases?
The 'norfc1918' option is an artifact -- if I were to re-design Shorewall, I would definitely leave it out, You may have noticed that the 'rfc1918' file no longer appears in the 4.0 documentation. Take that as a hint that the option is gradually being phased out.
An rfc1918 macro as follows will do everything that the 'norfc1918' option did and more:
PARAM SOURCE DEST:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 DEST Note -- the above macro only works with Shorewall-perl 4.0.9 or later. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
