> Initialization is accomplished by adding '=0' or '=1' to the
> switch name.
>
> Example (using alternative rule column specification):
>
> #ACTION SOURCE DEST ...
> NFLOG all all ; switch=>logall=1

Interesting! When was this 'alternative' format introduced (I must've been half-asleep then, since it is the first time I am seeing this)? I also take it this format has been documented in Shorewall, right?
> Note that netfilter provides no atomic way to define and initialize a
> switch so the loading of the ruleset and the initialization of the
> switches are distinct operations.

I looked (albeit briefly) in the "condition" kernel module/iptables target sources, and that could be easily rectified by allowing an additional value (0 or 1) to be specified when the iptables rule is created. Since Jan Engelhardt is the author (this is part of xtables-addons and not the kernel itself), I may propose this patch to the netfilter devs and see where that takes us.

Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
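As an added illustration (not code from this thread or from the Shorewall project) of the two separate operations the quoted message refers to, the script below spells out what a Shorewall rule with `switch=>logall=1` amounts to in raw iptables terms: one command that loads a rule using the `condition` match from xtables-addons, and a second, unrelated write to procfs that turns the switch on. The chain (`FORWARD`), the switch name (`logall`) and the `DRY_RUN` knob are assumptions made for the example; with `DRY_RUN=1` it only echoes the commands, so it can be run without root or the `xt_condition` module.

```shell
#!/bin/sh
# Added example, not part of the Shorewall project or of this thread.
# Assumptions: xt_condition from xtables-addons provides the "condition"
# match and exposes each switch as /proc/net/nf_condition/<name>; the rule
# lives in the filter FORWARD chain; the switch is called "logall".
# DRY_RUN=1 prints the commands instead of executing them.

SWITCH="${SWITCH:-logall}"
PROC_DIR="/proc/net/nf_condition"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Operation 1: load the rule. The switch comes into existence only now:
# xt_condition creates $PROC_DIR/$SWITCH when the first rule referencing
# it is added, and that file starts out at 0 (switch off).
load_rule() {
    run iptables -A FORWARD -m condition --condition "$SWITCH" -j NFLOG
}

# Operation 2: initialise the switch by writing to procfs. Nothing in
# netfilter ties this to operation 1, so between the two calls the rule is
# already in the ruleset while the switch still reads 0.
set_switch() {
    value="$1"
    case "$value" in
        0|1) ;;
        *) echo "switch value must be 0 or 1, got '$value'" >&2; return 2 ;;
    esac
    if [ "${DRY_RUN:-0}" != "1" ] && [ ! -e "$PROC_DIR/$SWITCH" ]; then
        # Ordering matters: before the rule is loaded the file does not
        # exist, and the write would fail with "No such file or directory".
        echo "$PROC_DIR/$SWITCH missing: load the rule first" >&2
        return 1
    fi
    run sh -c "echo $value > $PROC_DIR/$SWITCH"
}

# Read back the current state of the switch (0 or 1).
get_switch() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'cat %s\n' "$PROC_DIR/$SWITCH"
    else
        cat "$PROC_DIR/$SWITCH"
    fi
}

# The full, non-atomic sequence that "switch=>logall=1" boils down to.
enable_logging() {
    load_rule && set_switch 1 && get_switch
}
```

Running `DRY_RUN=1 sh -c '. ./switch.sh; enable_logging'` prints the iptables command, the procfs write and the read-back in order; the gap between the first two lines is exactly the window the quoted message is talking about, and it is the reason the proposed `iptables`-side initial value would be an improvement.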
