Hi Vieri,

On 10/3/19 6:10 AM, Vieri Di Paola wrote:
> Hi,
>
> I'd like to add something like this to /etc/shorewall/start:
>
> modprobe xt_TEE
> iptables -t mangle -I PREROUTING -i eth0 -j TEE --gateway 1.2.3.4
>
> I have a couple of questions:
>
> 1) can I add INCLUDE directives in the start file?

Yes -- the INCLUDE action takes place during compilation.

>
> 2) do I have to use run_iptables instead?

Yes.

>
> 3) can I avoid running modprobe in start and also avoid putting xt_TEE
> in /etc/modprobe.d/ to autoload the kernel module?

Yes. And, if your kernel is configured for module autoloading, you don't
have to do either.

>
> 4) since start is invoked when shorewall starts, reloads or restarts,
> I'd like to know if there's a simple way to make sure only one entry
> is inserted and always first.

That will always be the case, since the generated script *replaces* the
entire existing ruleset with the ruleset represented in the script.

>
> 5) can I let Shorewall take care of the TEE rule directly, via its config
> files?

Yes, and that is recommended:

/etc/shorewall/actions

    TEE builtin,mangle

/etc/shorewall/mangle:

    IPTABLES(TEE --gateway 1.2.3.4):P eth0 -

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________