X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from gw02.mail.saunalahti.fi (gw02.mail.saunalahti.fi [195.197.172.116])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id 830C1DC35DC
	for <alpine-devel@lists.alpinelinux.org>; Wed, 26 Sep 2012 14:10:22 +0000 (UTC)
Received: from kunkku.net (kanala.lvi-keskinen.fi [62.142.251.59])
	by gw02.mail.saunalahti.fi (Postfix) with ESMTP id ED38213959B;
	Wed, 26 Sep 2012 17:10:16 +0300 (EEST)
Received: from kunkku.net (kunkku.net [127.0.0.1])
	by kunkku.net (8.14.5/8.14.5) with ESMTP id q8QEAE5J006075;
	Wed, 26 Sep 2012 17:10:15 +0300
Received: from localhost (kaarle@localhost)
	by kunkku.net (8.14.5/8.14.5/Submit) with ESMTP id q8QEADGE006071;
	Wed, 26 Sep 2012 17:10:13 +0300
X-Authentication-Warning: kunkku.net: kaarle owned process doing -bs
Date: Wed, 26 Sep 2012 17:10:13 +0300 (EEST)
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
X-X-Sender: kaarle@kunkku.net
To: Natanael Copa <ncopa@alpinelinux.org>
cc: "jeremy@thomersonfamily.com" <jeremy@thomersonfamily.com>,
        Alpine-devel <alpine-devel@lists.alpinelinux.org>
Subject: Re: [alpine-devel] awall - forward to/from same port
In-Reply-To: <20120926090749.4523d331@ncopa-desktop.nor.wtbts.net>
Message-ID: <alpine.LFD.2.02.1209261704360.5933@kunkku.net>
References: <CADVmKVB+6-FzXoX-t8jxgOjpCRN4Dv=xeX8vYvqjw1jsi8kRRg@mail.gmail.com> <20120926090749.4523d331@ncopa-desktop.nor.wtbts.net>
User-Agent: Alpine 2.02 (LFD 1266 2009-07-14)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Wed, 26 Sep 2012, Natanael Copa wrote:

> On Tue, 25 Sep 2012 12:34:53 -0500
> Jeremy Thomerson <jeremy@thomersonfamily.com> wrote:
>> The problem is that awall didn't create a rule in the forward chain
>> for -i gre1 -o gre1.
>
> Not that it means that awall should do the same, but in shorewall you
> add an option called "routeback" to the interface definition.

Well, we could add similar attribute to zone definitions or just make 
awall always generate such rules. The downside of the latter option is 
that those rules are likely unnecessary in most cases, causing a slight 
penalty in performance. What do you think?

BR,
Kaarle


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---