>> I am very obliged to you, Tom. I understand that you do very BIG work
>> and are very busy. But I really think that the RFC1918 theme is useful for
>> many people and I want to help to make it clear and easy in Shorewall (and
>> bug-free, of course).
>
> You are welcome, Alex.
>
> Using iptables for RFC1918 filtration really isn't the best approach in
> many cases. It's generally better to null-route the RFC 1918 ranges:
>
> ip route add unreachable 10.0.0.0/8
> ip route add unreachable 172.16.0.0/8
> ip route add unreachable 192.168.0.0/16
>
> and enable route filtering on your external interface(s).
>
> This approach is not without its hazards though. Consider if you were a
> customer of an ISP who uses RFC 1918 addresses for its DHCP servers.

Thank you very much for the help, Tom.
I did the following:
1. Added the options 'routefilter' and 'logmartians' for the external interface
in the 'interfaces' file.
2. Added your lines above to the 'init' file (I created it myself) in the Shorewall
config directory (only changed 172.16.0.0/8 to 172.16.0.0/12).
3. Commented out my rfc1918 rule in the 'rules' file.
Restarted Shorewall and everything works OK.
Only one remark. I found information about the 'init' file only in
releasenotes.txt for 4.1.6 (for setting up the 'ifb' module), and I found an
'initdone' file in the Shorewall config directory, also without a man page.
It is not very clear to me how it is used.
Thank you,
Alex
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
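
An added example, not part of the original messages or of Shorewall: a small Python check that reads `ip route ... unreachable` lines such as those placed in the 'init' file and flags prefixes that do not match the RFC 1918 blocks (the /8 versus /12 correction in the reply) or that would cut off an address that must stay reachable (the ISP DHCP hazard). The function name `audit_null_routes` and the DHCP server address are assumptions made for the illustration.

```python
import ipaddress
import re

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROUTE_RE = re.compile(r"^\s*ip\s+route\s+(?:add|replace)\s+unreachable\s+(\S+)")

def audit_null_routes(init_text, must_reach=()):
    """Return a list of findings for the null routes in a Shorewall 'init' file."""
    findings, routed = [], []
    for lineno, line in enumerate(init_text.splitlines(), 1):
        m = ROUTE_RE.match(line)
        if not m:
            continue
        prefix = m.group(1)
        try:
            net = ipaddress.IPv4Network(prefix, strict=True)
        except ValueError:
            try:
                # Host bits set: mask them off to see what the prefix length covers.
                net = ipaddress.IPv4Network(prefix, strict=False)
            except ValueError:
                findings.append(f"line {lineno}: cannot parse {prefix}")
                continue
            findings.append(f"line {lineno}: {prefix} has host bits set, mask covers {net}")
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"line {lineno}: {net} reaches outside RFC 1918 space")
        routed.append(net)
    for r in RFC1918:
        if not any(r.subnet_of(n) for n in routed):
            findings.append(f"{r} is not null-routed")
    for addr in must_reach:
        hit = [n for n in routed if ipaddress.IPv4Address(addr) in n]
        if hit:
            findings.append(f"{addr} must stay reachable but is inside {hit[0]}")
    return findings

# Routes as quoted in the thread, then with the /12 correction from the reply.
AS_POSTED = """ip route add unreachable 10.0.0.0/8
ip route add unreachable 172.16.0.0/8
ip route add unreachable 192.168.0.0/16
"""
CORRECTED = AS_POSTED.replace("172.16.0.0/8", "172.16.0.0/12")
ISP_DHCP = "10.20.30.1"  # constructed address standing in for an ISP DHCP server

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, audit_null_routes(text, must_reach=[ISP_DHCP]))
```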