Andrew Suffield wrote:
> If ip_forward is never enabled until shorewall has started, then no
> packets will ever pass through the system. You're then left with just
> local stuff on the firewall itself, which shouldn't really be an issue
> (since you shouldn't be running anything at that point).
> 
> This should be the default behaviour, so I'd be looking into why that
> didn't happen.

Well, the ip_forward flag is set after the loading of the modules, but 
before the loading of the ruleset. I know, small window but it is made 
worse with the limited resources that Brain has available. So using your 
logic, the setting of the flag should be the last thing done to ensure 
that this doesn't happen?

Jerry
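
The ordering discussed in this thread, as an added example that is not part of the original messages and is not Shorewall's own code: forwarding is forced off, the ruleset is loaded, and forwarding is switched on only if the load succeeded. `IP_FORWARD_FILE`, `RULES_FILE` (and its path) and the loader argument are hypothetical names for this sketch.

```shell
#!/bin/sh
# Added example: enable IP forwarding only after the ruleset has loaded.
# IP_FORWARD_FILE and RULES_FILE are hypothetical knobs for this sketch;
# the first defaults to the real sysctl file, the second to an assumed path.
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Default loader: load a saved ruleset with iptables-restore.
load_rules() {
    iptables-restore < "$RULES_FILE"
}

# start_firewall [LOADER]
#   1. force forwarding off, so nothing transits the box while rules load
#   2. run the loader (any command or function name; defaults to load_rules)
#   3. turn forwarding on only if the loader returned success
start_firewall() {
    loader="${1:-load_rules}"
    echo 0 > "$IP_FORWARD_FILE" || return 1
    if "$loader"; then
        echo 1 > "$IP_FORWARD_FILE"
    else
        # Failure mode: a broken ruleset must not leave an open router.
        echo "ruleset load failed; forwarding stays off" >&2
        return 1
    fi
}
```

A boot script would call `start_firewall` as root; nothing runs when the file is merely sourced.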

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
