Mail archive

Re: [alpine-devel] awall - forward to/from same port

From: Kaarle Ritvanen <>
Date: Wed, 3 Oct 2012 10:52:17 +0300 (EEST)

On Thu, 27 Sep 2012, Natanael Copa wrote:

> On Wed, 26 Sep 2012 17:10:13 +0300 (EEST)
> Kaarle Ritvanen <> wrote:
>> Well, we could add similar attribute to zone definitions or just make
>> awall always generate such rules. The downside of the latter option
>> is that those rules are likely unnecessary in most cases, causing a
>> slight penalty in performance. What do you think?
> Always generate such rules? No, I'd prefer it be optional and default
> off.
> Re adding the feature to filter section vs zone definition, I suppose
> the benefit with adding it to zone definition is that it would be
> slightly easier to make scripts that ports shorewall config to awall.

I added an optional 'route-back' attribute to zone definitions. Note that
this does not as such allow any traffic, but just allows the filter rule
to produce iptables rules with identical ingress and egress interfaces.

This feature is available in version 0.2.11.


Received on Wed Oct 03 2012 - 10:52:17 UTC