On 11/29/2012 04:44 AM, Mr Dash Four wrote:
>
>> Initialization is accomplished by adding '=0' or '=1' to the
>> switch name.
>>
>> Example (using alternative rule column specification):
>>
>> #ACTION SOURCE DEST ...
>> NFLOG all all ; switch=>logall=1
>>
> Interesting! When was this 'alternative' format introduced (I must've
> been half-asleep then since it is the first time I am seeing this)? I
> also take it this format has been documented in shorewall, right?

It was introduced in 4.4.24 after a long discussion on this list. This
format (along with many other useful tips) is documented at
http://www.shorewall.net/configuration_file_basics.htm.

>
>> Note that netfilter provides no atomic way to define and initialize a
>> switch so the loading of the ruleset and the initialization of the
>> switches are distinct operations.
>>
> I looked (albeit briefly) in the "condition" kernel module/iptables
> target sources and that could be easily rectified by allowing an
> additional value (0 or 1) to be specified when the iptables rule is
> created. Since Jan Engelhardt is the author (this is part of
> xtables-addons and not the kernel itself) I may propose this patch to
> the netfilter devs and see where that takes us.

I thought of that also. I suspect, however, that dealing with different
initializations in different rules might be tricky there; especially if
the rules were in different tables. It would probably be a case of
'first rule wins'.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
