"Greater is the man who admits his personal shortcomings than the man who boasts to all assembled his superiority and accomplishments in matters of station and profession." --Julius Caesar
Dignity is restored! On Thu, 2008-03-27 at 16:18 -0700, Tom Eastep wrote: > Tom Eastep wrote: > > alex wrote: > >> Dear Tom, thank you for your detail answer but in my configuration > >> (with Shorewall-4.1.6) ONLY one configuration work such as i want - > >> > > > > Then please use it. I don't want to hear about this topic again. > > My apologies to Alex and the list. I should have cooled down before > responding. > > The reason that the macro didn't work properly is because it placed RFC1918 > addresses in the DEST column rather than in the ORIGINAL DEST column (which > is essentially what the 'norfc1918' option does). > > For 4.1.7, I've taken the following steps: > > a) The macro file layout has been extended to include an ORIGINAL DEST > column. This was requested earlier. Note that ORIGINAL DEST may not be > specified in a macro used from within an action body. > > b) I've added a new Rfc1918 macro that has the following body: > ---------------------------------------------------------------------------- > #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ > # PORT(S) PORT(S) DEST LIMIT GROUP > FORMAT 2 > PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \ > DEST > PARAM SOURCE DEST - - -\ > 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE > ----------------------------------------------------------------------------- > This macro faithfully reproduces the behavior of 'norfc1918' when used as > shown in my earlier mail. > > Note: 'FORMAT 2' indicates that the macro has the ORIGINAL DEST column > inserted between the SOURCE PORT(S) and RATE LIMIT columns. > I took that approach so that the column would be in its familiar > place (as in the rules file). > > c) The 'norfc1918' option is deprecated for use with Shorewall-perl. > > Alex: This macro does not do what you want. You will still have to build > your own. > > -Tom > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
