On Wed, 2007-18-04 at 17:40 -0700, Tom Eastep wrote:
> Brian J. Murrell wrote:
> > On Wed, 2007-18-04 at 14:14 -0700, Tom Eastep wrote:
> >> You're correct (It's been a while since I thought about why I did
> >> HIGH_ROUTE_MARKS). So long as you don't try to use SAVE/RESTORE rules, you
> >> should be ok. HIGH_ROUTE_MARKS provides a way to do SAVE/RESTORE safely
> >> while still using 'track' (which also does SAVE/RESTORE).
> >
> > I think even SAVE/RESTORE could be used as long as they use masks and
> > 'track'ing used netmasks as well, no?
>
> No Brian. Shorewall generates RESTORES with mask 0xff.

Yes, I realize it does currently. My proposition is to use a mask that masks off the high-order bits. Only 1 bit if two providers, 2 bits if 4 or less, 3 if 7 or less, etc. Of course the trade-off is the more providers, the less bits you have to do other marking. But really, how many providers can one person have? :-)

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
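
Added example, not part of the original message and not Shorewall code: a small Python model of the masking idea discussed above, comparing a RESTORE/SAVE round trip with mask 0xff against one whose mask covers only the high-order bits. The masked save/restore formulas, the 8-bit field width taken from the 0xff mask, and all mark values are assumptions constructed for illustration.

```python
# Model (an assumption of this example) of masked connection-mark
# save/restore on the 8-bit mark field implied by the 0xff mask in the thread.
FIELD = 0xFF


def high_mask(bits):
    """Mask covering the top `bits` bits of the 8-bit mark field."""
    if not 0 <= bits <= 8:
        raise ValueError("bits must be between 0 and 8")
    return (FIELD << (8 - bits)) & FIELD


def restore_mark(pkt, ct, mask):
    """RESTORE: copy only the masked bits of the connection mark to the packet."""
    return (pkt & ~mask & FIELD) | (ct & mask)


def save_mark(ct, pkt, mask):
    """SAVE: copy only the masked bits of the packet mark to the connection."""
    return (ct & ~mask & FIELD) | (pkt & mask)


def round_trip(pkt, ct, mask):
    """RESTORE followed by SAVE, as happens for a tracked connection."""
    pkt = restore_mark(pkt, ct, mask)
    ct = save_mark(ct, pkt, mask)
    return pkt, ct


if __name__ == "__main__":
    # Constructed values: the connection carries a provider mark in the top
    # bit (0x80) plus unrelated low bits (0x03); the packet already carries
    # an unrelated low-order mark (0x05) set by another rule.
    ct, pkt = 0x83, 0x05
    for label, mask in (("mask 0xff", 0xFF), ("high 1 bit", high_mask(1))):
        new_pkt, new_ct = round_trip(pkt, ct, mask)
        print(f"{label:10} mask={mask:#04x} packet={new_pkt:#04x} conn={new_ct:#04x}")
```

With mask 0xff the packet's own low-order mark is replaced by the connection's value, while the high-order mask changes only the provider bit and leaves the remaining bits on both sides alone.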
