-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/27/2016 12:29 PM, Philip Le Riche wrote: > As I said, traceroute is being used on the Pis, not the firewall, > so after leaving a raw socket on a Pi they should still hit the IP > stack on the firewall and get filtered and routed by Shorewall like > anything else. My question remains. > > Useful to know about traceroute and raw sockets though - like many > things, obvious when you think about it. I was going to set up > similar rules with $FW as source purely for testing and > diagnostics.
Okay -- what are the setting of MARK_IN_FORWARD_CHAIN? If it is Yes, then you need to alter your mark rules to include the :P chain designator. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYEmL/AAoJEJbms/JCOk0QNEwP/RPbZJHF+BA7NAsWn6ROWH+b 8hSlW/waxplsQSFMpaA+f4bnRweZunzI9C0/hu99Mhm6U9EOrNpf7ixUd7uBPNBw 8DLVwfkp4yY6swd0RG26O6n1rFatIw8KibgQCQR/9/hpR1mt5CKjMqQxGjekAR68 24tjD312FqVxdRDaWbN/tt7u98zT2jXWC326XA5OpGMwROkwcKFa3+3PCMEK8Kuj EGFWszItMTKI58VjXBeUcia3Chcgb84U/KJtoVt6a2Q3K2dXDmuUAusuiGdfk/D0 MdJX61cdEYcBHqUzHr3xXnqPsm9IZQoCL+V0x3FHfXWkzvRwvliHvS3GPhLWDHTS Q4ebDCuzE9d+4X4Ewb/Lyu8TL+Jm0fyPLRsv19qYwJD/g+UQFrHV2dWSkZacHpt8 607IPRUeFbxkXFUT6xDhSi0rWRsdeg/SkzfvolmkajVK49yYCDb26cA8Ahzav9dB Os98tHzd119zLSOaXXJ7A/1e7lFpftejAED7eKxVPwkMuj+D8EQOvZu4Z/MrkJoS 3caVWpHJHLZVO34qYYk94Ch+Vwb0EbeiqmF/qLzMDJ5iulXioqTiPqd/hnE6uBsi nyzUtiGeQAJOKy71xzslfDXkhchQUIMV+kwDHiG4Cvh5cHilz+1iTAqw9s/AyPLm l3pzh5MYOKs7dTjbBoH4 =Y/co -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
