generate simpler rules for sub-policies

Brought to you by: mikehorn

#312 generate simpler rules for sub-policies

Status: open

Owner: Vadim Kurland

Labels: iptables compiler (47)

Priority: 5

Updated: 2012-08-10

Created: 2012-08-10

Creator: schaarsc

Private: No

if a policy is marked as Topruleset=true then this is generated
$IPTABLES -A INPUT -s 192.178.168.2 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -s 192.178.168.5 -m state --state NEW -j ACCEPT

however if topruleset=false then
$IPTABLES -N INBOUND
$IPTABLES -N Cid4285X10633.0
$IPTABLES -A INBOUND -i + -d 192.178.168.1 -m state --state NEW -j Cid4285X10633.0
$IPTABLES -A Cid4285X10633.0 -s 192.178.168.2 -j ACCEPT
$IPTABLES -A Cid4285X10633.0 -s 192.178.168.5 -j ACCEPT

why is Cid4285X10633 used?
why not
$IPTABLES -N INBOUND
$IPTABLES -A INBOUND -s 192.178.168.2 -m state --state NEW -j ACCEPT
$IPTABLES -A INBOUND -s 192.178.168.5 -m state --state NEW -j ACCEPT

Discussion

schaarsc - 2012-08-10

sample

sample1.fwb.gz

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

generate simpler rules for sub-policies

Group

Searches

Help

#312 generate simpler rules for sub-policies

Discussion