On Nov 21, 2011, at 6:13 AM, Thibault Hild wrote:
> Thank you Tom for the hint.
> I will try the 'routefilter' option this evening.
>
> By the way, why is this option not needed in revision 4.4.15 ?
To avoid connection tracking attacks from IP spoofing, Shorewall now prevents
hairpinning (routing a packet out of the same interface it entered on) when
neither 'routeback' nor 'routefilter' is specified.
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
