Re: [alpine-devel] awall - forward to/from same port

From: Leonardo <>
Date: Thu, 04 Oct 2012 08:27:59 +0200

On Wed, 2012-10-03 at 10:39 -0500, Jeremy Thomerson wrote:
> On Wed, Oct 3, 2012 at 2:52 AM, Kaarle Ritvanen <> wrote:
> > On Thu, 27 Sep 2012, Natanael Copa wrote:
> > > On Wed, 26 Sep 2012 17:10:13 +0300 (EEST)
> > > Kaarle Ritvanen <> wrote:
> > > > Well, we could add a similar attribute to zone definitions or
> > > > just make awall always generate such rules. The downside of the
> > > > latter option is that those rules are likely unnecessary in most
> > > > cases, causing a slight penalty in performance. What do you
> > > > think?
> > >
> > > Always generate such rules? No, I'd prefer it be optional and
> > > default off.
> > >
> > > Re adding the feature to filter section vs zone definition, I
> > > suppose the benefit with adding it to zone definition is that it
> > > would be slightly easier to make scripts that port shorewall
> > > config to awall.
> >
> > I added an optional 'route-back' attribute to zone definitions. Note
> > that this does not as such allow any traffic, but just allows the
> > filter rule to produce iptables rules with identical ingress and
> > egress interfaces.
> >
> > This feature is available in version 0.2.11.
>
> Thanks Kaarle! That worked great. I do have a question. Do you have
> a plan to update
> to show the new logging stuff? My "logdrop" and "logreject" are now
> deprecated, and I found on
> that there
> is a different way of configuring this now. But that makes the first
> link above out of date. I'm wondering if we should consolidate that
> first page into the second so it's more likely to stay up-to-date.

That's me who wrote that page. Yeah, I'm supposed to update that page as
soon as I have some time. The idea was that the User Guide is just a
"guide" explaining every possibility offered by AWall, while the How-To
is more of a Shorewall->AWall migration how-to document.

Thanks for the reminder!

- leonardo

Received on Thu Oct 04 2012 - 08:27:59 UTC