On 5/8/11 2:36 PM, Tom Eastep wrote:
> On 5/7/11 9:59 AM, Mr Dash Four wrote:
>
>>> In *all* Shorewall configuration files, an interface name in the SOURCE
>>> column specifies the interface on which the traffic *enters* the
>>> firewall (-i option in iptables).
>>>
>> My point is that if a class is defined for a particular interface (as is
>> "a:11" in my case for eth0) this will ever produce only one match and
>> that is when this interface is involved, isn't that so?
>
> No -- it will match traffic going to 10.1.1.1 out of *any* interface. It
> will only be useful if the traffic is going out of eth0. Attached is a
> patch that interprets this rule:

Please do not apply this patch. I'm working on a replacement

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
