On 12/1/2015 8:54 AM, Orion Poplawski wrote: > Here are some interesting differences between shorewall6.conf and > shorewall.conf: > > $ diff ./Shorewall/configfiles/shorewall.conf > ./Shorewall6/configfiles/shorewall6.conf > 3c3 > < # Shorewall Version 5 -- /etc/shorewall/shorewall.conf > --- >> # Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
That one is obvious. > 141c134 > < CLEAR_TC=Yes > --- >> CLEAR_TC=No Remember that when TC is used on both IPv4 and IPv6 on the same network interface(s), then only one of the configurations can define the interface(s) in TC. The above settings assume that it will be done in Shorewall. > 173c162 > < IP_FORWARDING=On > --- >> IP_FORWARDING=Off In IPv6, IP_FORWARDING=On disables autoconfiguration on all interfaces, which would be a poor default. IP_FORWARDING=On has always been the default in Shorewall. > 175c164 > < KEEP_RT_TABLES=No > --- >> KEEP_RT_TABLES=Yes Only one of the two can have KEEP_RT_TABLES=No. Same reason as CLEAR_TC above. > > < OPTIMIZE=0 > --- >> OPTIMIZE=1 Hmmm -- that one is a bit strange. > 219c194 > < TC_ENABLED=Internal > --- >> TC_ENABLED=No Same as the other TC-related settings. > > > In particular, IP_FORWARDING=Off appears to be giving some trouble, see: > https://bugzilla.redhat.com/show_bug.cgi?id=1238729 > If you are configuring a router with Shorewall6, then you need to change that setting. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140 _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
