On 06/09/2012 13:57, Meetoo Ashvin wrote:
> Hello,
>
> I am migrating my firewall to a new Debian server. I used to configure
> my adsl interfaces with the norfc1918 flag but it has been removed in
> the newer versions. I've read in the archives that the successor to
> 'norfc1918' is changing the global NULL_ROUTE_RFC1918 to Yes in
> shorewall.conf.
>
> This is a problem for me because I don't want this to apply to all my
> interfaces. I have specific routes defined through other internal
> interfaces and when I activate NULL_ROUTE_RFC1918=Yes in shorewall.conf
> it overrides my routes and I can no longer access them.
>
> Is there a workaround?
>
> Thanks.
>
Hi,

If you have routes that are more specific than:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

it shouldn't matter.

E.g.:

192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.1
unreachable 192.168.0.0/16

Net: 192.168.0.0/24 remains reachable because it is more specific than
192.168/16

Laurent

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
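
The longest-prefix-match behaviour described in the reply, as an added example that is not part of the original thread: a small Python model of the route lookup using the routes quoted above. The default route, its gateway 203.0.113.1, the 10.1.0.0/16 internal route and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed table modelled on the reply: the connected /24 plus the three
# "unreachable" RFC 1918 routes. The default route is a hypothetical ADSL uplink.
ROUTES = [
    ("192.168.0.0/24", "dev eth0"),
    ("0.0.0.0/0", "via 203.0.113.1 dev ppp0"),
    ("10.0.0.0/8", "unreachable"),
    ("172.16.0.0/12", "unreachable"),
    ("192.168.0.0/16", "unreachable"),
]

# Hypothetical internal route, more specific than the 10.0.0.0/8 null route.
WITH_INTERNAL = ROUTES + [("10.1.0.0/16", "via 192.168.0.254 dev eth0")]


def lookup(dest, routes=ROUTES):
    """Return (prefix, action) of the longest-prefix match for dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, action in routes:
        net = ipaddress.ip_network(prefix)
        # Among all routes containing the address, the longest prefix wins.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return (str(best[0]), best[1]) if best else None


def blackholed(hosts, routes=ROUTES):
    """Return the hosts whose best match is one of the unreachable routes."""
    hits = []
    for host in hosts:
        match = lookup(host, routes)
        if match is not None and match[1] == "unreachable":
            hits.append(host)
    return hits


if __name__ == "__main__":
    # Constructed sample destinations.
    hosts = ["192.168.0.10", "192.168.5.1", "10.1.2.3", "172.32.0.1"]
    for label, table in (("null routes only", ROUTES),
                         ("with internal /16", WITH_INTERNAL)):
        print(label)
        for h in hosts:
            print(f"  {h:<14} -> {lookup(h, table)}")
        print("  blackholed:", blackholed(hosts, table))
```

In this model, an RFC 1918 destination that was previously reached only through the default route now matches the null route, because /8, /12 and /16 are all longer than /0; it needs an explicit, more specific route to stay reachable.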
