On 7/3/10 12:29 PM, Tom Eastep wrote:
> On 7/2/10 8:39 PM, Tom Eastep wrote:
>> On 7/2/10 7:09 PM, Oliver Schmidt wrote:
>>> Hi Tom,
>>>
>>>> No. Netfilter doesn't support that so Shorewall can't support it either.
>>>>
>>> As far as I can see, the only problem is the ctorigdst matching in the
>>> ACCEPT rule, which of course does not support ipsets.
>>>
>>> Putting the redirect rule in the nat-table with the set-matching active
>>> is working - perhaps it would be possible to mark those packets that
>>> gonna be redirected and then filter them by that mark in the appropriate
>>> INPUT/FORWARD chains?
>>
>> Sorry -- I'm not putting those kinds of hacks into Shorewall.
>
> I should point out, however, that an ipsec *can currently* be used in

I meant to type 'ipset', of course.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
