holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Back out silly change for output interfaces in the conntrack file.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-11-26 09:47:42 -08:00
parent 3f550622bd
commit fc87576005
3 changed files with 7 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -6070,7 +6070,7 @@ sub verify_dest_interface( $$$$ ) {
fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
if ( ( $restriction & PREROUTE_RESTRICT ) || ( $chainref->{table} eq 'raw' && ( $restriction & OUTPUT_RESTRICT ) ) ) {
if ( $restriction & PREROUTE_RESTRICT ) {
#
# Dest interface -- must use routing table
#

34
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -329,39 +329,13 @@
<varlistentry>
<term>DEST
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term>
{-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
<listitem>
<para>where <replaceable>interface</replaceable> is the name of a
network interface and <replaceable>address-list</replaceable> is a
<para>where <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall-exclusion</ulink>
(5)). If an interface is given:</para>
<itemizedlist>
<listitem>
<para>It must be up and configured with an IPv4 address when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>All routes out of the interface must be configured when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>Default routes out of the interface will result in a
warning message and will be ignored.</para>
</listitem>
</itemizedlist>
<para>These restrictions are because Netfilter doesn't support
NOTRACK rules that specify a destination interface (these rules are
applied before packets are routed and hence the destination
interface is unknown). Shorewall uses the routes out of the
interface to replace the interface with an address list
corresponding to the networks routed out of the named
interface.</para>
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
(5)).</para>
</listitem>
</varlistentry>

21
Shorewall6/manpages/shorewall6-conntrack.xml
View File

@ -225,30 +225,13 @@
<varlistentry>
<term>DEST
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term>
{-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
<listitem>
<para>where <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
(5)). If an interface is given:</para>
<itemizedlist>
<listitem>
<para>It must be up and configured with an IPv6 address when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>All routes out of the interface must be configured when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>Default routes out of the interface will result in a
warning message and will be ignored.</para>
</listitem>
</itemizedlist>
(5)).</para>
</listitem>
</varlistentry>