Re: [Shorewall-users] rfc1918 macro

Thu, 27 Mar 2008 16:17:47 -0700 

Tom Eastep wrote:

alex wrote:

    Dear Tom, thank you for your detail answer but in my configuration
(with Shorewall-4.1.6) ONLY one configuration work such as i want -



Then please use it. I don't want to hear about this topic again.


My apologies to Alex and the list. I should have cooled down before responding.
The reason that the macro didn't work properly is because it placed RFC1918 addresses in the DEST column rather than in the ORIGINAL DEST column (which is essentially what the 'norfc1918' option does). 

For 4.1.7, I've taken the following steps:

a) The macro file layout has been extended to include an ORIGINAL DEST
   column. This was requested earlier. Note that ORIGINAL DEST may not be
   specified in a macro used from within an action body.

b) I've added a new Rfc1918 macro that has the following body:
----------------------------------------------------------------------------
#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL RATE   USER/
#                               PORT(S) PORT(S) DEST     LIMIT  GROUP
FORMAT 2
PARAM   SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
                DEST
PARAM   SOURCE  DEST    -       -       -\      
                                     10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-----------------------------------------------------------------------------
   This macro faithfully reproduces the behavior of 'norfc1918' when used as
   shown in my earlier mail.

   Note: 'FORMAT 2' indicates that the macro has the ORIGINAL DEST column
         inserted between the SOURCE PORT(S) and RATE LIMIT columns.
         I took that approach so that the column would be in its familiar
         place (as in the rules file).

c)  The 'norfc1918' option is deprecated for use with Shorewall-perl.
Alex: This macro does not do what you want. You will still have to build your own. 

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to