> The somewhat imposing attached patch corrects this problem.
> The released 19.2 version fixes this.
As I have started compiling my TC policies now, I have one more query for something I haven't thought of until now - when the host machine (on which shorewall operates) initiates a TCP connection, this connection is bi-directional - information flows in both directions. So, presumably, I have to account for (and define!) both parts of this connection (i.e. via tcrules as well as tcfilters for the "opposite" side), right?

This becomes even trickier with UDP connections (VOIP in particular, which is what I am mostly after) - with VOIP connections, especially when there are "fascist" firewalls built by admins like myself, the VOIP client needs to punch a hole through the firewall (I define a strict range of ports, programs and conditions under which this is allowed) and connect to the server, then let the server send VOIP data to the client. In other words, the connection is established by the client, but is used by the VOIP server on the opposite side of that connection.

Given that, I take it I have to account for this in tcrules, but most importantly (as data will flow mainly from the opposite direction), I have to define the proper class to fit that flow in tcfilters, right? The difficult part (well, for me anyway) is that with tcfilters I have very little to play with - the ports on both sides are (almost) random and I do not have the luxury of using ipset or any other way to ID this flow, except, maybe, the destination host, but that is not 100% guaranteed in my case.

Any other ideas?
