-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2/29/20 2:46 PM, Tom Eastep wrote: > On 2/28/20 1:07 PM, Brian J. Murrell wrote: >> On Mon, 2020-02-24 at 16:28 -0500, Brian J. Murrell wrote: >>> > >> I wonder if there is any thought or comment on my proposals >> below? > >>> Would it be infeasible to just leave the mangle table alone if >>> there is no Shorewall configuration that needs to use it? >>> >>> Or alternatively, a shorewall.conf option? >>> >>> Personally I like the former, but the latter is most certainly >>> a step up from mangling (NPI -- OK, maybe kinda) the >>> capabilities file after it's created. > > > In 5.2.4, we'll add an option in shorewall[6].conf to preserve the > mangle table. >
It turns out that there is already a 'MANGLE_ENABLED' setting in shorewall[6].conf, which does what you want (albeit in a very unfriendly way). It simply makes Shorewall keep its hands off of the mangle table, even if entries in the configuration files generate rules in that table. I'll clean that up for 5.2.4. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl5cNLsACgkQluaz8kI6 TRD+Yg//Y48eXe83mi5uC7oN9auCrvCa7vPbi1ob74uGq8h+eaCqLBOX5p15IJgb PYK7jXYOlAqIWiug13UDNxmkH7iz5szIea760Y1BGhTwasgSx2jFU5gafbLJTZH6 youi5RF+aB1Jgl7+OF2hUE/Dj9JtacDE83CnBiI8uEUafyf/dxjSiC1D4odPlQRo y6ANS9Rv09lMk8emRRmTnsN+IkyJQGQ18EucOIu7neVYPd1YovdWOHn3dPjUGFRM HgsU6pCg2XKEgJTNyWgNtV06b/h9XfxV4VSMqgFQuCSH2ncwEZbNQvEHxFn9Z6Tg gx+zoFCoBi7Z+FVgEUR2oj/h6P0wXGdXQsQ1akLvCRvaMoy7Gr6LbTrTafj6Iz3c 5NYvG8EbO9Xc8gcKVFoHF/hpMgI848TySJIYZufkBRTI9fIJSibxsIi5C9wr4Jig A23c6Xd5GwYe5pL7omudZeRizbgKEcNp+/d8/YM3AIVtR3GdOuzHUMjCRbJhfrMg Mmzj/tn4bvpFBDQGPLiLmtR1nYsZfs1Zsy+sNLPyiiD1vQ6MGRe3PW1QV97r70my HnF9cuVkmAtSc8jXaXEtCrag6yllCARnBNPMFUn5c1nRe1TwoacyarBLUydgid8P DdyWWC15aXpnADQiCPhvTchEvzPHsMXMi4Iw9sOqI8fBDmKi+DI= =hB60 -----END PGP SIGNATURE----- _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
