On Tue, 2011-06-14 at 15:52 +0200, Simon Matter wrote: > > On Tue, 2011-06-14 at 06:37 -0700, Tom Eastep wrote: > >> On Tue, 2011-06-14 at 10:10 +0200, Simon Matter wrote: > >> > >> > > >> > Could it be that the wildcard interface definition makes problems > >> here? > >> > > >> > >> I'll take a look. But adding the 'routeback' option to the interfaces > >> entry is a workaround. > >> > > > > The attached patch exempts wildcard interfaces from sfilter. > > Hi Tom, > > Thanks for the quick patch, I'll test it ASAP. > > I understand that the wildcard "+" is catched here but how would a > wildcard like "eth+" work in this case?
It works okay, although it generates a rule in the INPUT chain that I'm surprised is accepted by iptables/Netfilter. A second patch is forthcoming that eliminates that rules. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
