Tom Eastep wrote: > DI Roman Fiedler wrote: > >> Tom Eastep wrote: >> >>> DI Roman Fiedler wrote: >>> >>> >>> >>>> Any ideas for workarounds? >>>> >>>> >>> No. Shorewall does filtering in the 'filter' table which, as you have >>> noted, is traversed after the packets have been routed. >>> >>> -Tom >>> >>> >>> >> Is there any way to push the packet back to the start? I noticed that >> there are some strange targets I do not fully understand (like MIRROR, >> NFQUEUE). The original packet could be dropped but an indentical copy >> would enter protocol stack again, so that the conntrack setups are >> already ok, all marks are correct so that prerouting would work as >> expected (make the first packet the second so that it will work). >> >> > > You would be better served to ask these questions on the Netfilter list > rather than here. > > -Tom > Yes, I guess I will try there, thanks.
Roman ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
