From: Klemens R. <kle...@gm...> - 2009-02-28 17:46:13
Tom Eastep wrote:
> Tom Eastep wrote:
> > Klemens Rutz wrote:
> >> Hi,
> >>
> >> playing around with the nosmurfs option I found out that the firewall
> >> script contains no rules to enter <interface>_fwd chains when
> >> generated shorewall-perl:
> >> # grep eth0_fwd firewall
> >> :eth0_fwd - [0:0]
> >> -A eth0_fwd -m state --state NEW,INVALID -j smurfs
> >>
> >> As a result the nosmurf option does not affect forwarded packages.
> >> This is also true for other interface options like e.g. tcpflags,
> >> maclist, etc.
> >
> > Please see if the attached hack to
> > /usr/share/shorewall-perl/Shorewall/Chains.pm corrects this for you.
>
> I've come up now with the correct patch -- please reverse the prior patch
> (if you've applied it) and apply this one.
>
> This will be released shortly as Shorewall-perl-4.2.6.1.

Many thanks. Both patches have fixed the issue, the second obviously in line with the changed design in shorewall-perl...

Regards,
Klemens
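The condition reported in this thread (a chain such as eth0_fwd that holds rules but is never entered) can be checked for mechanically in any ruleset in iptables-restore format. The following is an added example, not part of the original message and not Shorewall code; the sample ruleset is constructed around the quoted grep output, and the function name `unreachable_chains` is hypothetical.

```python
import re

# Constructed sample in iptables-restore format, modelled on the grep output
# quoted in the thread; the FORWARD rule and eth1_fwd are invented for contrast.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:eth0_fwd - [0:0]
:eth1_fwd - [0:0]
:smurfs - [0:0]
-A FORWARD -i eth1 -j eth1_fwd
-A eth0_fwd -m state --state NEW,INVALID -j smurfs
-A eth1_fwd -m state --state NEW,INVALID -j smurfs
-A smurfs -j DROP
COMMIT
"""

RULE = re.compile(r"^(?:\[\d+:\d+\]\s+)?-A\s+(\S+)(.*)$")
TARGET = re.compile(r"\s(?:-j|--jump|-g|--goto)\s+(\S+)")

def unreachable_chains(ruleset):
    """Return (table, chain) for user-defined chains that contain rules but
    cannot be reached from any built-in chain through -j/-g targets."""
    findings, table = [], None
    builtin, user, edges = set(), set(), {}
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):            # start of a table section
            table, builtin, user, edges = line[1:], set(), set(), {}
        elif line.startswith(":"):          # ":name policy [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            (user if policy == "-" else builtin).add(name)
        elif RULE.match(line):
            chain, rest = RULE.match(line).groups()
            targets = edges.setdefault(chain, [])   # chain now "has rules"
            m = TARGET.search(rest)
            if m:
                targets.append(m.group(1))
        elif line == "COMMIT":              # table complete: walk the jump graph
            seen, todo = set(), list(builtin)
            while todo:
                chain = todo.pop()
                if chain not in seen:
                    seen.add(chain)
                    todo.extend(edges.get(chain, ()))
            findings += [(table, c) for c in sorted(user)
                         if c in edges and c not in seen]
    return findings

if __name__ == "__main__":
    for table, chain in unreachable_chains(SAMPLE):
        print(f"{table}: chain {chain} has rules but nothing jumps to it")
```

Run against a generated firewall script's restore input, a non-empty result means interface options attached to the listed chains are not being applied to any traffic.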