In http://www.shorewall.net/manpages/shorewall-interfaces.html :
routeback
If specified, indicates that Shorewall should include rules that allow
traffic arriving on this interface to be routed back out that same interface.
This option is also required when you have used a wildcard in the INTERFACE
column if you want to allow traffic between the interfaces that match the
wildcard.
Beginning with Shorewall 4.4.20, if you specify this option, then you
should also specify filter; see above.
There is no "filter" above. I think it means to refer to sfilter below?
sfilter=(net[,...])
Added in Shorewall 4.4.20. This option provides an anti-spoofing
alternative to routefilter on interfaces where that option cannot be used, but
where the routeback option is required (on a bridge, for example). On these
interfaces, sfilter should list those local networks that are connected to the
firewall through other interfaces.
Or are we missing a section on "filter"?
I've found that I need the routeback option on my dmz network now that I have
two networks on that interface. No idea what I should add for filter/sfilter
though to that line.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane [email protected]
Boulder, CO 80301 http://www.cora.nwra.com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
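
An added example, not part of the original post and not Shorewall code: a Python sketch of how the sfilter list for a routeback interface follows from the quoted description (the local networks connected through the other interfaces). The interface names, addresses, the helper names and the source-address match in `is_spoofed` are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (assumption): interface -> directly connected networks.
TOPOLOGY = {
    "eth0": ["10.10.0.0/16"],                    # local LAN
    "eth1": ["10.11.0.0/16"],                    # second local LAN
    "eth2": ["172.16.1.0/24", "172.16.2.0/24"],  # dmz with two networks
}


def sfilter_networks(topology, iface):
    """Networks connected through interfaces other than `iface`."""
    own = [ipaddress.ip_network(n) for n in topology[iface]]
    others = [
        ipaddress.ip_network(n)
        for name, nets in topology.items()
        if name != iface
        for n in nets
    ]
    # A network that overlaps one on the interface itself would make
    # legitimate traffic on that interface look spoofed.
    for net in others:
        for mine in own:
            if net.overlaps(mine):
                raise ValueError(f"{net} overlaps {mine} on {iface}")
    # Merge adjacent networks so the option stays short.
    return list(ipaddress.collapse_addresses(others))


def interface_options(topology, iface):
    """OPTIONS text pairing routeback with sfilter, as the man page advises."""
    nets = ",".join(str(n) for n in sfilter_networks(topology, iface))
    return f"routeback,sfilter=({nets})"


def is_spoofed(topology, iface, source):
    """True if a packet arriving on `iface` claims a source address that
    belongs to a network connected through another interface."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in sfilter_networks(topology, iface))


if __name__ == "__main__":
    print(interface_options(TOPOLOGY, "eth2"))
    for src in ("10.11.3.4", "172.16.2.9"):
        print(src, "spoofed" if is_spoofed(TOPOLOGY, "eth2", src) else "ok")
```
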