Hi Tom, So I should set USE_DEFAULT_RT=No then? If it's enabled then my policy routing that shorewall does is broken.
Thanks, James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 [apologies for top-posting] ________________________________________ From: Tom Eastep [teas...@shorewall.net] Sent: Thursday, 2 October 2014 10:12 PM To: Shorewall Users Subject: Re: [Shorewall-users] USE_DEFAULT_RT changed to Yes On 10/1/2014 10:29 PM, James Andrewartha wrote: > Hi, > > I see that in 4.6.0 [1], USE_DEFAULT_RT was changed to Yes by default. I > couldn't find any documentation of this change in the release notes. I > can see why this change was made, however I want to use quagga for > routing, which inserts routes into the main routing table. Although it > looks like zebra (part of quagga) can be configured to use a different > table [2]. I also have a VPN with a subnet routed behind it. > > The main thing for me is that policy routing needs to keep working, so > #5 at [3] indicates that just setting USE_DEFAULT_RT=No is the quick > fix. However you've indicated that you want to deprecate it, so what > other options are there? Should I just set zebra to drop its routes into > the balance table? Will they get removed when restarting shorewall? > > [1] > http://sourceforge.net/p/shorewall/code/ci/cea237620a136b5f75415f62449d885eaf9e6c3d/ > [2] http://www.nongnu.org/quagga/docs/docs-info.html#Static-Route-Commands > [3] http://shorewall.net/MultiISP.html#USE_DEFAULT_RT > You should just let quagga put its routes into the main table, since that is the table that will be searched first and is the only table that isn't rebuilt during a restart. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
