> My patch allows 'none' in the COPY column when '-' appears in the
> DUPLICATE column.

Yep, just tested it - nothing is then copied from "main", which is what was supposed to happen.

> When compiling for export, the remote firewall's /etc/iproute2/rt_tables
> isn't available at compile time, so no check is possible in that case.
>
> Also, the /etc/iproute2/rt_tables file is shared by IPv4 and IPv6.
> Here's the one from my firewall:
>
> #
> # reserved values
> #
> 255 local
> 254 main
> 253 default
> 250 balance
> 0 unspec
> #
> # local
> #
> 1 ComcastB
> 2 ComcastC
> 3 TProxy
> 4 HE2
> 5 HE1
> 6 6to4
>
> Tables 1 - 3 are IPv4 while tables 4-6 are IPv6. So if I place HE2 in
> the DUPLICATE column of /etc/shorewall/providers, a check against
> /etc/iproute2/rt_tables will succeed but no routes will ever be copied.

Got it, thanks.

> So I still favor issuing a warning if the DUPLICATE column contains
> anything but '-', 'main' or a provider name/number that appears in an
> earlier entry.

Makes perfect sense to me, though I can't judge this if there is a mixture of IPv4 and IPv6 interfaces on the same system - don't really know what the contents of main would be then.

_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
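The check favored in the thread, sketched as an added example that is not part of the original message and is not Shorewall's own code: it warns when DUPLICATE is anything but '-', 'main' or an earlier provider's name/number, and shows that HE2 would still pass a lookup in the shared rt_tables. The providers entries (interfaces, marks, options) are constructed, and the function names are hypothetical.

```python
# Added illustration; not Shorewall's code. File contents are constructed.
RT_TABLES = """\
# reserved values
255 local
254 main
253 default
250 balance
0 unspec
# local
1 ComcastB
2 ComcastC
3 TProxy
4 HE2
5 HE1
6 6to4
"""

# Constructed IPv4 providers file; interfaces, marks and options are made up.
PROVIDERS = """\
#NAME    NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ComcastB 1      1    main      eth0      detect  -       -
ComcastC 2      2    1         eth1      detect  -       -
TProxy   3      -    HE2       lo        -       -       -
"""

def strip_comment(line):
    """Drop a trailing '#' comment and split the rest into fields."""
    return line.split("#", 1)[0].split()

def rt_table_ids(text):
    """Names and numbers listed in an rt_tables file (IPv4 and IPv6 mixed)."""
    ids = set()
    for line in text.splitlines():
        fields = strip_comment(line)
        if len(fields) >= 2:
            ids.update(fields[:2])
    return ids

def duplicate_warnings(providers_text):
    """(line number, provider, DUPLICATE value) for every value that is not
    '-', 'main', or the name/number of a provider in an earlier entry."""
    earlier, warnings = set(), []
    for lineno, line in enumerate(providers_text.splitlines(), 1):
        fields = strip_comment(line)
        if len(fields) < 4:
            continue
        name, number, _mark, dup = fields[:4]
        if dup not in ("-", "main") and dup not in earlier:
            warnings.append((lineno, name, dup))
        earlier.update((name, number))
    return warnings

if __name__ == "__main__":
    for lineno, name, dup in duplicate_warnings(PROVIDERS):
        in_rt = dup in rt_table_ids(RT_TABLES)
        print(f"WARNING: providers line {lineno}: {name} DUPLICATE={dup} "
              f"(listed in rt_tables: {in_rt})")
```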
