On Sat, 2008-03-29 at 23:00 -0700, Tom Eastep wrote:
>
> As long as you bring up networking before Shorewall, there is not a thing
> that Shorewall can do to solve this problem

I think you are confusing two different races. Yes, a race exists in that window of time when networking is brought up but before shorewall gets rules installed.

There is another window within the above window which starts with netfilter seeing packets and keeping conntrack state for them. I suspect that this happens not as soon as networking is up, but sometime after that when the conntrack modules are loaded. I also suspect that it happens before the NAT rules are applied.

b.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
