On 5/8/11 5:17 PM, Mr Dash Four wrote: > >> Which is what the attached patch does. >> > Ignored as I've seen your other post. > >> Your next post seems to whine about the Shorewall requirement that >> interface names mentioned in SOURCE and DEST columns must be defined in >> /etc/shorewall/interfaces. You can complain all you want but that isn't >> going to change. >> > The reason it isn't there is because it takes no part in any of my zones > nor is it constraint by any of blacklists, rules etc - I will only need > this interface for traffic shaping and maybe accounting at a later stage > - same with "lo" really.
Shorewall knows about 'lo' and sets up ACCEPT rules in and out of that interface. > > If I "register" this interface in the interfaces file, but place a dash > (-) and "ignore" in the options column would that work? > It would make your tcrules compile cleanly. But you must have extremely liberal policies if traffic in and out of such an interface is accepted by the filtering part of Netfilter. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
