On Wed, 2011-09-07 at 09:59 -0600, Orion Poplawski wrote: > In http://www.shorewall.net/manpages/shorewall-interfaces.html : > > routeback > > If specified, indicates that Shorewall should include rules that allow > traffic arriving on this interface to be routed back out that same interface. > This option is also required when you have used a wildcard in the INTERFACE > column if you want to allow traffic between the interfaces that match the > wildcard. > > Beginning with Shorewall 4.4.20, if you specify this option, then you > should also specify filter; see above. > > > There is no "filter" above. I think it means to refer to sfilter below ? > > sfilter=(net[,...]) > > Added in Shorewall 4.4.20. This option provides an anti-spoofing > alternative to routefilter on interfaces where that option cannot be used, > but > where the routeback option is required (on a bridge, for example). On these > interfaces, sfilter should list those local networks that are connected to > the > firewall through other interfaces. > > > Or are we missing a section on "filter"?
That section should have referred to "sfilter". "filter" was the original name, but I changed it to "sfilter" during the Beta and we are still finding places that I missed. > > > I've found that I need the routeback option on my dmz network now that I have > two networks on that interface. No idea what I should add for filter/sfilter > though to that line. > As I corrected the above typo, I also changed the text to mention that "routefilter" on all interfaces is another acceptable workaround (for IPv4) in addition to "sfilter". -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Using storage to extend the benefits of virtualization and iSCSI Virtualization increases hardware utilization and delivers a new level of agility. Learn what those decisions are and how to modernize your storage and backup environments for virtualization. http://www.accelacomm.com/jaw/sfnl/114/51434361/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
