Is there a possibility to include 'raw' iptables statements directly
(the stuff which goes after "-A <chain>") by shorewall? For example,
specifying something like INLINE('-m <match 1> <match 1 parameters> -m
<match 2> <match 2 parameters> [...] -j ACCEPT'), which shorewall takes
and inserts after the appropriate "-A" and chain arguments without any
modification. Obviously, I understand that optimisation of such
statements will be non-existent, but I am willing to take that hit.
The reason I ask for this is because I have quite a lot of new features
which by the looks of things and also judging by the snail-pace with
which these are adopted (or not) by netfilter 'core' team it takes
absolute ages to get mainline. In the meantime I need these for my own
machines and need to be able to deploy them as quickly as possible.
Currently, I have only your postcompile feature to work with Tom, but
that isn't always the most easy thing to do or the most
practical/straight forward. Thanks.
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
