On 5/29/13 5:35 PM, "Dash Four" <[email protected]> wrote:
>
>Dash Four wrote:
>>
>> Tom Eastep wrote:
>>> Thank you for testing,
>>>
>> masq
>> ~~~~
>> eth0:0:+outside-hosts[dst,dst] +private-net 10.11.1.2
>>
>> when ADD_IP_ALIASES=No and ADD_SNAT_ALIASES=No the above statement
>> passes without a hint of an error or a warning. Even if I do
>> ADD_IP_ALIASES=Yes and ADD_SNAT_ALIASES=Yes, the appropriate
>> "del_ip_addr" and "add_ip_aliases" are added to the resulting
>> "firewall" file, but the above statement is completely ignored by
>> shorewall and nothing is added in my nat table to masquerade this
>> connection.
>Interesting, when I have:
>
>masq
>~~~~
>eth0::
>eth0:0:+outside-hosts[dst,dst] +private-net 10.11.1.2
>
>Then the second statement is ignored (well done to the optimizer!), but
>when I have:
>
>masq
>~~~~
>eth0:0:+outside-hosts[dst,dst] +private-net 10.11.1.2
>eth0::
>
>both statements are produced, so the only "gripe" is to maybe issue a
>warning/error when ADD_SNAT_ALIASES=No and I have "eth0:0" in masq.

That is a specific instance of something that can happen anywhere in the
ruleset. I tried a simple-minded change that issued a warning when a rule
is dropped because the chain has a terminating rule with no matches;
unfortunately, that change issues warnings in cases that the user has no
control over. So I think I'll work on that for 4.5.18.

Thanks,
-Tom
You do not need a parachute to skydive.
You only need a parachute to skydive twice.

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
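The condition described in the reply, a rule that follows a terminating rule with no matches in the same chain, can be checked over iptables-save style text. This is an added example, not part of the original message and not Shorewall code; the chain name `eth0_masq` and the rule lines are constructed to mirror the two masq orderings quoted above.

```python
import shlex

# Built-in targets after which a matching packet never reaches the next rule.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN",
               "SNAT", "DNAT", "MASQUERADE", "REDIRECT"}

def parse_rule(line):
    """Return (chain, match_tokens, target) for an '-A' line, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    chain, rest, target = tok[1], tok[2:], None
    if "-j" in rest[:-1]:
        i = rest.index("-j")
        target, rest = rest[i + 1], rest[:i]   # target options follow -j
    match, i = [], 0
    while i < len(rest):                       # comments restrict nothing
        if rest[i:i + 2] == ["-m", "comment"] or rest[i] == "--comment":
            i += 2
        else:
            match.append(rest[i])
            i += 1
    return chain, match, target

def shadowed_rules(ruleset):
    """Return (line_no, closing_line_no, rule) for each unreachable rule."""
    closed, findings = {}, []   # closed: chain -> line of its catch-all rule
    for n, line in enumerate(ruleset.splitlines(), 1):
        rule = parse_rule(line.strip())
        if rule is None:
            continue
        chain, match, target = rule
        if chain in closed:
            findings.append((n, closed[chain], line.strip()))
        elif not match and target in TERMINATING:
            closed[chain] = n
    return findings

# Constructed samples mirroring the two masq orderings in the message.
SNAT_RULE = ("-A eth0_masq -m set --match-set private-net src "
             "-m set --match-set outside-hosts dst,dst "
             "-j SNAT --to-source 10.11.1.2")
CATCH_ALL = "-A eth0_masq -j MASQUERADE"
HEADER = "*nat\n:eth0_masq - [0:0]\n"
CATCH_ALL_FIRST = HEADER + CATCH_ALL + "\n" + SNAT_RULE + "\nCOMMIT\n"
SPECIFIC_FIRST = HEADER + SNAT_RULE + "\n" + CATCH_ALL + "\nCOMMIT\n"

if __name__ == "__main__":
    for n, by, rule in shadowed_rules(CATCH_ALL_FIRST):
        print(f"line {n} can never match (line {by} ends the chain): {rule}")
```

Jumps to user-defined chains are not treated as terminating here, since traversal can return from them.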
