Thanks, the patch solves the issue. Will the change also be included in the next release?
Regards, Klemens > > Tom Eastep wrote: > Klemens Rutz wrote: > > Hi, > > > > a "DNAT-" rule with source "all" omitted destination zone is not > > applied for packets originating from the firewall itself. Here is an > > example (zones oz and $FW) and some further analysis: > > <details deleted> > > The attached patch against 4.3 applies with offset to 4.2. Apply to /usr/share/shorewall-perl/Shorewall/Rules.pm > > > > > This motivates another series of tests where the destination zone is > > "oz". I get a warning from the compiler: > > WARNING: Destination zone (oz) ignored) but the firewall script > > seems to be correct in this case: > > > > <more detail deleted> > > > The warning is kind of misleading here, > > I disagree. > > > because the destination zone is actually not ignore. > > Yes it is! You get the same result whether it is there, is not there, or is the name of any defined zone. > > > Though I agree that a destination > > zone is only needed in a DNAT, but not in a DNAT- rule. > > > > Is the behavior with omitted destination zone correct > > Yes. > > > and > > should I specify the destination zone in DNAT- rules or not? > > Not. > > > How serious should I take the warning about the ignored destination > > zone? > > I can't answer that. The message tells you that you are doing something silly -- you can ignore it if you want to. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
