On Sat, 2008-03-29 at 22:39 -0700, Tom Eastep wrote:
>
> Sure -- same solution that has always been available. Start Shorewall before
> you start networking.

Yes, but...

> Of course you can't use any of Shorewall's features that rely on detecting
> the current network configuration...

Right. I was thinking/hoping for a solution that was more elegant. Such as I suggested perhaps... preventing packets from hitting the conntrack state engine before the nat rules were set up. Is it technically impossible to do that with iptables? I've never really played much with module loading order and dependencies of iptables.

b.
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
