On 02/18/2013 10:39 AM, Igor Sverkos wrote:
> Hi,
>
> I am not sure if I found a bug in shorewall's interface man page.
>
> In [1]:
>
>> sourceroute[={0|1}]
>>
>> If this option is not specified for an interface,
>> then source-routed packets will not be accepted
>> from that interface
>> (sets /proc/sys/net/ipv4/conf/interface/accept_source_route to 1).
>> ...
>
> Isn't that wrong? I mean which value should
>
> /proc/sys/net/ipv4/conf/interface/accept_source_route
>
> have, when this option isn't set? The documentation says "sets to 1",
> but the parameter is named *accept*_source_route -- so when the
> parameter will be set to 1, this interface *will* accept source-routed
> packets... but the text above says "if this option is not specified,
> *no* source-routed packets will be accepted".
>
> What's right now?The manpage is definitely wrong. If 'sourceroute' isn't specified, then Shorewall doesn't change the setting of /proc/sys/net/ipv4/conf/<interface>/accept_source_route. Thanks for bringing this to our attention. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
