Ob Noxious <obn...@gmail.com> wrote:

> Wherever possible, I create a macro to wrap it up. This makes the "rules" 
> files look nice but I still have to manually specify all the info on the 
> "masq" file.
> Ex 1: simple :)
> rules:
> NTP(ACCEPT) { source=lan dest=net:$NTP_HOST }
> masq:
> $IF_NET { source=$LAN address=$GW_IP proto=udp port=ntp }
> Ok, no big deal really but would look nicer with a macro :)

The first thing that comes to mind is - do you not have any default outbound 
masq rules that will cover most of this? I normally have a masq rule mapping 
internal networks to the default outside address, and only have per-device masq 
rules if I need something different to that (which isn't that common).

I see from looking at one of my routers that I have a param used in my masq file:
ethext:!$MasqExcl   192.168.xx.0/24     nn.nn.nn.nn

Shorewall-users mailing list