Mail archive
alpine-devel

Re: [alpine-devel] awall - forward to/from same port

From: Jeremy Thomerson <jeremy_at_thomersonfamily.com>
Date: Wed, 3 Oct 2012 10:39:22 -0500

On Wed, Oct 3, 2012 at 2:52 AM, Kaarle Ritvanen <
kaarle.ritvanen_at_datakunkku.fi> wrote:

> On Thu, 27 Sep 2012, Natanael Copa wrote:
>
> On Wed, 26 Sep 2012 17:10:13 +0300 (EEST)
>> Kaarle Ritvanen <kaarle.ritvanen_at_datakunkku.fi> wrote:
>>
>> Well, we could add a similar attribute to zone definitions or just make
>>> awall always generate such rules. The downside of the latter option
>>> is that those rules are likely unnecessary in most cases, causing a
>>> slight penalty in performance. What do you think?
>>>
>>
>> Always generate such rules? No, I'd prefer it be optional and default
>> off.
>>
>> Re adding the feature to filter section vs zone definition, I suppose
>> the benefit with adding it to zone definition is that it would be
>> slightly easier to make scripts that port shorewall config to awall.
>>
>
> I added an optional 'route-back' attribute to zone definitions. Note that
> this does not as such allow any traffic, but just allows the filter rule to
> produce iptables rules with identical ingress and egress interfaces.
>
> This feature is available in version 0.2.11.
>

Thanks Kaarle! That worked great. I do have a question. Do you have a
plan to update http://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall to show
the new logging stuff? My "logdrop" and "logreject" are now deprecated,
and I found on http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide that
there is a different way of configuring this now. But that makes the
first link above out of date. I'm wondering if we should consolidate that
first page into the second so it's more likely to stay up-to-date.

Thanks again,
Jeremy Thomerson



Received on Wed Oct 03 2012 - 10:39:22 UTC