>>> The 'norfc1918' option is an artifact -- if I were to re-design Shorewall,
>>> I would definitely leave it out, You may have noticed that the 'rfc1918'
>>> file no longer appears in the 4.0 documentation. Take that as a hint that
>>> the
>>> option is gradually being phased out.
>>>
>>> An rfc1918 macro as follows will do everything that the 'norfc1918' option
>>> did and more:
>>>
>>> PARAM SOURCE DEST:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
>>> PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 DEST
>>>
>>> Note -- the above macro only works with Shorewall-perl 4.0.9 or later.
>>>
>>> -Tom
>>
>> I found file 'rfc1918' in directory with other macro files but its
>> name haven't prefix 'macro.' and it have differ syntax from other macros.
>
> It is _not_ a macro. It is a data file that drives the behavior of the
>'norfc1918'.
>
> -Tom
Ok Tom.
Now instead my rule in 'rules' file:
REJECT! all net:$RFC1918_NETS
i create macro 'macro.rfc1918' with content(literally):
PARAM SOURCE DEST:$RFC1918_NETS
# PARAM SOURCE:$RFC1918_NETS DEST
(i comment out second string so as in opposite case i haven't
access from internal networks to Internet)
And add follow rule in 'rules':
rfc1918(REJECT!) all net
This work same as old rule.
Am i right?
Alex
----
Спрос на экспресс-кредиты в Белгазпромбанке растет:
кредит «Фирменный» и кредит «Просто деньги»
http://www.belgazprombank.by/6788242.html
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
