-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2/26/20 1:52 PM, J Cliff Armstrong via Shorewall-users wrote: > Shorewall 5.2.3.6 > > Further testing of the redirect rules mentioned in a previous > thread seems to indicate that using `!&<interface>` in the > `ORIGDEST` column of the `/etc/shorewall6/rules` file does not > cause that rule to exclude packets with the link-local IP of the > gateway as their original destination. > > For example... > >> DNS(REDIRECT) lan 53 - - - !&lan > > ...causes dns queries to the link-local v6-IP of my gateway's lan > interface to be redirected. But... > >> DNS(REDIRECT) lan 53 - - - >> !&lan,fe80::blah:blah:blah > > ..., correctly, does not. Is this intended behavior? The > documentation (shorewall-rules manpage) seems to imply all IPs of > the interface are covered by `&<interface>` but I may be reading > too much into it. >
It is only the primary IP address of the interface. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl5W7F4ACgkQluaz8kI6 TRD0ZBAAseuZE76whVc9YWJamHeWm1DuLKRPik9y71BcQWfkS6qfy1jglQEeq0st pAkFqMduVucX9V0gzvKNSDmI2fsSuWbL98yOtTcDuZOE4RkC2gAZoKWnsJppxZnJ Uh8PoMaRWeHz/Y+uUV+3CxqViDnikXLhrwsTe5TcWvVbMhJSy73WmBbE5OLdoexo ZKmBXZurj98ZwrsE6ZvtmXK/qZDCnK4CdU1aZ86blaniUBeZSK/3tshubBn8yCKQ 44YgbLXb5ZxM/ITknZPU9SrZ8JoN4UWTU6GZ1/v8UhL1kcqtQjBvH815bI+mFFFT fc/iRlxVkN8ryOlPOB1r8rMgFJaUj/0HBNMeiABA8DDk4pJyxL27nwcrDl/TvhM3 udCfFps3/gfYq2MDtHorGWYcVgriU3P6WRCE9Ko4xXchFs4WfSW1pqb4YOxTx5/7 BlGfcWIWP0t3TRMnPPTnnd5U3p03A88kHUkAQeq60OaErnraPpEtAv0fHkTooAX8 25Oqr+j/uwxLPgWL4VOa6M8RN6Lg3XY+cJYvrQG23Kp/vKbjzG9DOwRhEgRgtsfM 0SeH8oHDLfGW85C2C5DQAll68Ik29RDIkO/v84C692hGseXreX5vovHKZOchEQ/A 8BTxwM7yTTrS3nbW8cEuPsRcJZt3LA7OKmIpb0uxioe/Qnziv+M= =RzAd -----END PGP SIGNATURE----- _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
