>> My point is that if a class is defined for a particular interface (as is
>> "a:11" in my case for eth0) this will ever produce only one match and
>> that is when this interface is involved, isn't that so?
>>
>
> No -- it will match traffic going to 10.1.1.1 out of *any* interface. It
> will only be useful if the traffic is going out of eth0. Attached is a
> patch that interprets this rule:
>
> a:11 - 10.1.1.1 tcp 22
>
> as
>
> a:11 - eth0:10.1.1.1 tcp 22
>
> (assuming that eth0 == device a).
>

Am I likely to face similar issues with tcfilters?
Same scenario:

tcfilters
ba:11 10.1.1.1 - tcp 22
bb:21 10.1.1.1 - tcp 22

(ba is the ifb0 device derived from eth0, bb is the ifb1 device derived from tun0).

Should I assume that packets would get properly "redirected" to the interface that class belongs to?

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
