On Monday 04 Feb 2013 23:14:55 Tom Eastep wrote: > On 02/04/2013 03:10 PM, Tom Eastep wrote: > >> I have specified INVALID_DISPOSITION=CONTINUE > >> > >> If any of the "PACKET DISPOSTION" parameters in shorewall.conf is set to > >> CONTINUE, shouldn't '-j' be used instead of '-g' in the generated > >> iptables rule? > > > > It should indeed; good catch! > > > > Patch attached. > > Even with that patch, a RETURN rule in the target chain won't work > correctly with 'g'. The attached patch (which should be applied after > PATCH 3) unconditionally uses -j' in these rules. > > -Tom
Tom Confirmed, the patches have fixed the issue. Thanks. Steven. ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
