Back out silly change for output interfaces in the conntrack file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-11-26 09:47:42 -08:00
parent 3f550622bd
commit fc87576005
3 changed files with 7 additions and 50 deletions


@ -6070,7 +6070,7 @@ sub verify_dest_interface( $$$$ ) {
fatal_error "Unknown Interface ($diface)" unless known_interface $diface; fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
if ( ( $restriction & PREROUTE_RESTRICT ) || ( $chainref->{table} eq 'raw' && ( $restriction & OUTPUT_RESTRICT ) ) ) { if ( $restriction & PREROUTE_RESTRICT ) {
# #
# Dest interface -- must use routing table # Dest interface -- must use routing table
# #
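Review bot: In verify_dest_interface, dropping the `$chainref->{table} eq 'raw' && ( $restriction & OUTPUT_RESTRICT )` arm of the condition means a destination interface on a raw-table OUTPUT rule no longer takes the "must use routing table" path and instead falls through to whatever follows this `if`, which the hunk does not show. Please confirm that the remaining path either produces a match that is valid in the raw table or ends in fatal_error, so a conntrack rule cannot silently stop matching. The commit message should also say why the earlier behaviour is being backed out; "silly change" does not tell a later reader which rule sets are affected.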


@ -329,39 +329,13 @@
<varlistentry> <varlistentry>
<term>DEST <term>DEST
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term> {-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
<listitem> <listitem>
<para>where <replaceable>interface</replaceable> is the name of a <para>where <replaceable>address-list</replaceable> is a
network interface and <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall-exclusion</ulink> <ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
(5)). If an interface is given:</para> (5)).</para>
<itemizedlist>
<listitem>
<para>It must be up and configured with an IPv4 address when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>All routes out of the interface must be configured when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>Default routes out of the interface will result in a
warning message and will be ignored.</para>
</listitem>
</itemizedlist>
<para>These restrictions are because Netfilter doesn't support
NOTRACK rules that specify a destination interface (these rules are
applied before packets are routed and hence the destination
interface is unknown). Shorewall uses the routes out of the
interface to replace the interface with an address list
corresponding to the networks routed out of the named
interface.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
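Review bot: The new link text in the DEST entry reads shorewall6-exclusion, but the list removed from this same entry speaks of an IPv4 address, so this appears to be the IPv4 page and the text looks copied from the IPv6 one; it should stay shorewall-exclusion. The new term `{-|interface[:address-list]|address-list}` also admits `-` and an interface, while the remaining paragraph defines only address-list. Either describe what an interface in DEST means now that the restrictions are gone, or drop it from the synopsis, and use one of `<emphasis>` or `<replaceable>` consistently within the term.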


@ -225,30 +225,13 @@
<varlistentry> <varlistentry>
<term>DEST <term>DEST
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term> {-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
<listitem> <listitem>
<para>where <replaceable>address-list</replaceable> is a <para>where <replaceable>address-list</replaceable> is a
comma-separated list of addresses (may contain exclusion - see comma-separated list of addresses (may contain exclusion - see
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink> <ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
(5)). If an interface is given:</para> (5)).</para>
<itemizedlist>
<listitem>
<para>It must be up and configured with an IPv6 address when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>All routes out of the interface must be configured when
Shorewall is started or restarted.</para>
</listitem>
<listitem>
<para>Default routes out of the interface will result in a
warning message and will be ignored.</para>
</listitem>
</itemizedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
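Review bot: The new DEST term still offers `interface[:address-list]` and `-`, but once the itemizedlist is removed the paragraph explains only address-list, so a reader cannot tell when an interface is accepted or what constraints apply to it. Add a sentence covering both forms or narrow the synopsis to what is actually supported. The unchanged ulink points at shorewall-exclusion.html while its text says shorewall6-exclusion, which is worth correcting while this entry is being touched, and the term mixes `<emphasis>` with `<replaceable>` for the same kind of placeholder.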