$ rpm -q shorewall
shorewall-5.2.3.5-1.fc32.noarch

On page https://shorewall.org/configuration_file_basics.htm
topic: *Alternate Specification of Column Values*

1) The shortcuts for the 'mangle' file are missing: probability, dscp, & switch
2) There is no 'snat' listing. If you use the 'tcrules' section, substituting action for mark, it is missing switch, probability, & origdest (and possibly ipsec).

For the 'snat' file, PORT should be DPORT in the column headings. I don't see a way to select on source port.

Also, I add a line above the column heading line (#ACTION SOURCE...) like so:

# shortcuts - action,source,dest,proto,dport,sport,user,test,length,tos,connbytes,helper,headers,switch,probability,origdest

I find this handy so I have to refer to Shorewall's excellent documentation less often.

I ran into this while trying to make openvpn server behave. I have two public addresses (xxx.yyy.zzz.104 & xxx.yyy.zzz.105). If I allow the server to connect to all addresses (0.0.0.0) and then my client connects on .105, the server replies on .104. So I thought, I'll just SNAT that puppy to the address I want. Doing that instead of changing openvpn's server.conf to bind to a specific address, if your IP address ever changes, like it will soon when we migrate from the old server to the new one, there'll be one less configuration file to change.

Instead of getting things too complicated, I just changed server.conf to use:

local xxx.yyy.zzz.105

Again, thanks for the excellent software and documentation.

Bill