László Balogh wrote: > > So I corrected it to the following: > > #MARK SOURCE DEST PROTO PORT(S) CLIENT USER > TEST LENGTH TOS > # > RESTORE 0.0.0.0/0 0.0.0.0/0 all
RESTORE:F 0.0.0.0/0 0.0.0.0/0 # RESTORE ANY MARK PREVIOUSLY SAVED BELOW
# IF THERE WAS SUCH A MARK, IT IS NOW
# THE PACKET'S MARK
> CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0 # IF THE PACKET IS NOW MARKED,
# DON'T RUN THE CHAIN OF
# RULES AGAIN
> 2:F 192.168.101.11 eth0 all
> 2:F eth0 192.168.101.11 all
> 3:F 192.168.101.12 eth0 all
> 3:F eth0 192.168.101.12 all
> 4:F 192.168.101.13 eth0 all
> 4:F eth0 192.168.101.13 all
> ...
> 31:F 192.168.101.40 eth0 all
> 31:F eth0 192.168.101.40 all
> 32:F 192.168.102.0/24 eth0 all
> 32:F eth0 192.168.102.0/24 all
> SAVE 0.0.0.0/0 0.0.0.0/0 all
SAVE:F 0.0.0.0/0 0.0.0.0/0 # SAVE THE MARK WE MADE ON THIS PACKET IN
# IN THE CONNECTION SO THAT WE DON'T HAVE
# TO PASS *EVERY PACKET IN THE
# CONNECTION* THROUGH THE SAME SET OF 64
# RULES!!!
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
