X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id DF019DC3767 for ; Thu, 4 Oct 2012 06:28:13 +0000 (UTC) Received: by mail-bk0-f54.google.com with SMTP id jf20so58926bkc.13 for ; Wed, 03 Oct 2012 23:28:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:subject:from:to:cc:date:in-reply-to:references :content-type:x-mailer:mime-version; bh=aToJsHMPQnt1P4x6ymOklw4lk4yPJON9gqrMfC3qUDc=; b=BbjgKiOJ2Nvg9p/F3C2rtW6yDn1LpTb9EAQtcRWD0oZRzr7hfbRnwqVLKDlYs8INI8 Jxnqo9IWS3+vLgNLsP8KHsXjHJ9aUwgITUT8+xFarltty6bbS1sFFLFNjweVGItuuqAu 9ZyzhncUYduAxjQZArqmTuZxJhjOjXAjc4dfUGUora+dT3460DfSGd2Nt6HVy+iyVE+6 XU3K66t/Z5xB279/YX+620icQSHjyuN+xXJFj9LyZ70HC03qW5D/RAgEdtxbefyvV3Aw f+QvmAKQ8w0ooaadSOZ1HvQFexh13mcOwWHHs4eG9W3oGM06Kg7ZCrsXasJj1zqIltKO W5Gw== Received: by 10.204.5.148 with SMTP id 20mr1232654bkv.28.1349332091595; Wed, 03 Oct 2012 23:28:11 -0700 (PDT) Received: from [10.44.65.254] (93-57-120-162.ip164.fastwebnet.it. [93.57.120.162]) by mx.google.com with ESMTPS id t27sm4676115bkv.10.2012.10.03.23.28.09 (version=SSLv3 cipher=OTHER); Wed, 03 Oct 2012 23:28:10 -0700 (PDT) Message-ID: <1349332079.11942.35.camel@df1844j> Subject: Re: [alpine-devel] awall - forward to/from same port From: Leonardo To: jeremy@thomersonfamily.com Cc: Kaarle Ritvanen , Natanael Copa , Alpine-devel Date: Thu, 04 Oct 2012 08:27:59 +0200 In-Reply-To: References: <20120926090749.4523d331@ncopa-desktop.nor.wtbts.net> <20120927101314.65e3bcf1@ncopa-desktop.nor.wtbts.net> Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-nkKTR4r1c3vHY7/sp4Jo" X-Mailer: Evolution 3.2.3-0ubuntu6 X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: Mime-Version: 1.0 --=-nkKTR4r1c3vHY7/sp4Jo Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2012-10-03 at 10:39 -0500, Jeremy Thomerson wrote: >=20 > On Wed, Oct 3, 2012 at 2:52 AM, Kaarle Ritvanen > wrote: > On Thu, 27 Sep 2012, Natanael Copa wrote: > =20 > =20 > On Wed, 26 Sep 2012 17:10:13 +0300 (EEST) > Kaarle Ritvanen wrote: > =20 > =20 > Well, we could add similar attribute to zone > definitions or just make > awall always generate such rules. The downside > of the latter option > is that those rules are likely unnecessary in > most cases, causing a > slight penalty in performance. What do you > think? > =20 > Always generate such rules? No, I'd prefer it be > optional and default > off. > =20 > Re adding the feature to filter section vs zone > definition, I suppose > the benefit with adding it to zone definition is that > it would be > slightly easier to make scripts that ports shorewall > config to awall. > =20 > =20 > I added an optional 'route-back' attribute to zone > definitions. Note that this does not as such allow any > traffic, but just allows the filter rule to produce iptables > rules with identical ingress and egress interfaces. > =20 > This feature is available in version 0.2.11. >=20 > Thanks Kaarle! That worked great. I do have a question. Do you have > a plan to update http://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall > to show the new logging stuff? My "logdrop" and "logreject" are now > deprecated, and I found on > http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide that there > is a different way of configuring this now. But that makes the first > link above out of date. I'm wondering if we should consolidate that > first page into the second so it's more likely to stay up-to-date. That's me who wrote that page. Yeah, I'm supposed to update that page as soon as I have some time. The idea was that the User Guide it's just a "guide" explaining every possibility offered by AWall. While the How-To it's more a Shorewall->AWall migration how-to document. Thanks for the reminder! - leonardo --=-nkKTR4r1c3vHY7/sp4Jo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJQbSxvAAoJELAPckZGG2T6f28IAJiWvWqXpGgItEtADHRJoNhK aSUV7Pfj747txCq+mzadIpqvslJHvZ/mpoupSyZCGfasgSXBgCF8GVCFkqLLXdS4 +pMjQ358JZlBVZ6S2JPWBJMEAtB4XR5GKJFD5IjIfcrRdpsLqv39vjyvETroIGQr 7SjsoU//q1NRX6m+HHTb6FkWxhxTjjg9+qcTQPV1FccfVoERuV3UTsgIWLbQ/N4n AXQfZODz3xDTG3vF87buqJzEOypigpRxQR/a+Pxc1qpWhf0OiMK/hY+4DPtAii/B 4hDKr/CBheXo/YGOEt3OB7aMXYGnr7IZvCTy9mCcnaA9xVoEPO0PMxij3xt5wbQ= =HArv -----END PGP SIGNATURE----- --=-nkKTR4r1c3vHY7/sp4Jo-- --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---