> I'm not sure that this issue is completely solvable. Suppose that your
> /etc/shorewall/init file populates table 46. Then you place 46 in the
> DUPLICATE column. With the current code, that will work; any change I make
> to reject '46' at compile time will break this scenario. How about a
> warning that says that the content of the DUPLICATE column is not a
> recognized standard routing table?
>
I haven't tested this yet - just want to make sure that understand the
whole thing.
The purpose of DUPLICATE is to copy across all routes (incl. blackhole
ones) for the specified INTERFACE to the new PROVIDER table, including
also all routes for interfaces specified in the COPY column (the dash
("-") in DUPLICATE/COPY being a special case, so I won't deal with this
scenario right now), is that right?
If so, then by looking at your patch, if "none" is specified, then no
copy takes place (then, I assume the COPY *should* also contain "none",
right?). However, if a value is specified (either a number or a name),
then that (existing) table is used as source. Have I got this right?
If so, if the value specified in DUPLICATE is wrong (in other words,
that table isn't specified in "providers" and does not exist in
/etc/iproute2/rt_tables either), in which case shorewall can't copy
anything, then why not issue an error and stop processing? have I missed
anything?
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
