From: Kaarle Ritvanen
To: Natanael Copa
Cc: "jeremy@thomersonfamily.com", Alpine-devel
Date: Wed, 3 Oct 2012 10:52:17 +0300 (EEST)
Subject: Re: [alpine-devel] awall - forward to/from same port

On Thu, 27 Sep 2012, Natanael Copa wrote:

> On Wed, 26 Sep 2012 17:10:13 +0300 (EEST)
> Kaarle Ritvanen wrote:
>
>> Well, we could add a similar attribute to zone definitions or just make
>> awall always generate such rules. The downside of the latter option
>> is that those rules are likely unnecessary in most cases, causing a
>> slight penalty in performance. What do you think?
>
> Always generate such rules? No, I'd prefer it be optional and default
> off.
>
> Re adding the feature to filter section vs zone definition, I suppose
> the benefit with adding it to zone definition is that it would be
> slightly easier to make scripts that port shorewall config to awall.

I added an optional 'route-back' attribute to zone definitions. Note that
this does not as such allow any traffic, but just allows the filter rule
to produce iptables rules with identical ingress and egress interfaces.

This feature is available in version 0.2.11.

BR,
Kaarle
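
The attribute described in the message above, sketched as an awall policy file. This is an added example, not part of the original message or the awall sources. Only the `route-back` zone attribute comes from the message; the zone name, interface, service definition and the other policy keys are assumptions about a typical awall policy.

```json
{
  "description": "Constructed example: zone 'lan' on eth1 with route-back enabled",
  "zone": {
    "lan": { "iface": "eth1", "route-back": true }
  },
  "service": {
    "web": { "proto": "tcp", "port": 80 }
  },
  "filter": [
    { "in": "lan", "out": "lan", "service": "web", "action": "accept" }
  ]
}
```

With `route-back` left at its default (off), the filter entry would yield no rule for traffic entering and leaving on eth1. With it enabled, the same entry can yield a rule whose ingress and egress interface are both eth1 (`-i eth1 -o eth1` in iptables terms), and traffic not matched by such a filter entry remains subject to the policy's other rules.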