> Tom Eastep wrote:
>> alex wrote:
>>> Dear Tom, thank you for your detail answer but in my configuration
>>> (with Shorewall-4.1.6) ONLY one configuration work such as i want -
>>>
>>
>> Then please use it. I don't want to hear about this topic again.
>
> My apologies to Alex and the list. I should have cooled down before
>responding.
>
> The reason that the macro didn't work properly is because it placed
>RFC1918 addresses in the DEST column rather than in the ORIGINAL DEST
>column (which is essentially what the 'norfc1918' option does).
>
>For 4.1.7, I've taken the following steps:
>
> a) The macro file layout has been extended to include an ORIGINAL DEST
> column. This was requested earlier. Note that ORIGINAL DEST may not be
> specified in a macro used from within an action body.
>
> b) I've added a new Rfc1918 macro that has the following body:
> ----------------------------------------------------------------------------
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
> # PORT(S) PORT(S) DEST LIMIT GROUP
>FORMAT 2
> PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
> DEST
> PARAM SOURCE DEST - - -\
> 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> -----------------------------------------------------------------------------
> This macro faithfully reproduces the behavior of 'norfc1918' when used
>as
> shown in my earlier mail.
>
> Note: 'FORMAT 2' indicates that the macro has the ORIGINAL DEST column
> inserted between the SOURCE PORT(S) and RATE LIMIT columns.
> I took that approach so that the column would be in its familiar
> place (as in the rules file).
>
> c) The 'norfc1918' option is deprecated for use with Shorewall-perl.
>
> Alex: This macro does not do what you want. You will still have to build
>your own.
I am very obliged to you Tom. I understand that you make very BIG work
and very busy. But i really think that RFC1918 theme useful for many
people and want to help to make it clear and easy in Shorewall (and bugfree
of course).
Thank you VERY MUCH for your help and excellent work.
Shorewall REALLY make iptables (and not only iptables) much more easy.
Alex
----
Я тут! Найди своих друзей и знакомых на TUT.BY!
http://i.tut.by/
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
