Artur Uszyński wrote: > On nie, 16 wrz 2007 Tom Eastep wrote: > >> Artur Uszyński wrote: >> >>> I have several suggestions: >>> 1. the patches in the attachment (add provider match requirement), they >>> are for shorewall 4.0.3 >> I prefer the attached patch that expands a missing destination ( '-' ) to >> 0.0.0.0/0. > > I'm sorry, but it does not help at all. 0.0.0.0/0 is simply ignored by > ip utility. It is easy to verify: > > ip rule add from 1.1.1.1 to 10.0.0.0/8 priority 1000 table 5 > ip rule add from 1.1.1.1 to 0.0.0.0/0 priority 1000 table main > ip rule del from 1.1.1.1 to 0.0.0.0/0 priority 1000 > > And you finish with the following (ip rule ls): > > 1000: from 1.1.1.1 lookup main
Maybe that's what you get but see this: [EMAIL PROTECTED]:~# ip rule ls 0: from all lookup 255 32766: from all lookup main 32767: from all lookup default [EMAIL PROTECTED]:~# ip rule add from 1.1.1.1 to 10.0.0.0/8 priority 1000 table 5 [EMAIL PROTECTED]:~# ip rule add from 1.1.1.1 to 0.0.0.0/0 priority 1000 table main [EMAIL PROTECTED]:~# ip rule del from 1.1.1.1 to 0.0.0.0/0 priority 1000 [EMAIL PROTECTED]:~# ip rule ls 0: from all lookup 255 1000: from 1.1.1.1 to 10.0.0.0/8 lookup 5 32766: from all lookup main 32767: from all lookup default [EMAIL PROTECTED]:~# Looks like something is broken with your kit... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
