>> Currently I can't see a way of adding blackhole routes (there isn't >> anything in either "rtrules" or "routes"), which means that if I have a >> custom-set blackhole routes (via the Linux network scripts or via >> "start"/"started"), they will not be copied over to the providers >> table(s) and there is no way to add them in either of these two files. >> > > I highly recommend USE_DEFAULT_RT=Yes. This causes the main routing > table to be traversed prior to the provider tables and avoids all of the > copying nonsense altogether. No, that is not an option for me and is precisely why I had to use "providers", though, unaware of the fact that blackhole routes can't be/won't be copied over.
Besides, I have routes in my "providers" file, which "puncture" holes in the routes defined as blackhole, so even if I follow your advice above, that won't work - I need to copy the blackhole routes concerned, as well as those routes I am using in my "providers" file, together as a package, otherwise the whole thing won't work. Currently, with a bit of hacking and by defining things in "start", "started" and also using "postcompile" I can survive (for now!), but that isn't a solution. > I really don't want to put any effort into improving USE_DEFAULT_RT=No. > At the end of the day, it is your call - I am just highlighting an issue. Whether you decide to address it or not is up to you, not me. >> Note the double "echo 0 > ..." statement above. >> > > Patch attached. > I'll have a chance to test this tonight... >> "eth2|eth2)" is the equivalent of "eth2)", so this should be optimised >> > > Patch attached. > ... and that one too. Thanks. ------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
