Tom Eastep wrote: > On 4/20/13 8:57 AM, "Dash Four" <[email protected]> wrote: > > >> Paul Gear wrote: >> >>> On 04/20/2013 12:44 PM, Tom Eastep wrote: >>> >>> >>>> On 4/19/13 6:53 PM, "Tom Eastep" <[email protected]> wrote: >>>> >>>> >>>> >>>>> No. INLINE is a hack to allow raw ip[6]tables commands to be >>>>> integrated >>>>> during the compile phase. But it are just that -- raw. >>>>> >>>>> >>>> That breaks new grammatical ground :-) >>>> >>>> >>> I thinking your grammar are just fine. ;-) >>> >>> >> It is not the first such instance either (from "man >> shorewall-accounting" page): "Causes a jump to that chain to be added to >> the chain specified in the CHAIN column." - care to "translate" Tom? >> > > When a chain (call it chain2) is specified in the ACTION column: > > 1) The chain is created. > 2) If a chain is specified in the CHAIN column (call it chain1), then a > jump from chain1 to chain2 is generated. > 2) If no chain is specified in the CHAIN column, then a jump from the > default chain (based on SECTION) to chain2 is generated. > The last item on your list is "3)" I take it? :-)
Got it now. Maybe you can include this as part of the "chain:COUNT|JUMP" explanation in that man page. So, to if I want to "mimic" what shorewall currently does in rules and create a "net2dmz" accounting zone, the following needs to be done (assuming eth0 serves the "net" zone, while eth1 - the "dmz"): SECTION FORWARD dmz_fwd - - eth1 net2dmz dmz_fwd eth0 That should create the following iptables rules: :accountfwd :dmz_fwd :net2dmz -A FORWARD -j accountfwd -A accountfwd -i eth1 -j dmz_fwd -A dmz_fwd -o eth0 -j net2dmz Correct? ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
