Back out silly change for output interfaces in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
3f550622bd
commit
fc87576005
@ -6070,7 +6070,7 @@ sub verify_dest_interface( $$$$ ) {
|
|||||||
|
|
||||||
fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
|
fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
|
||||||
|
|
||||||
if ( ( $restriction & PREROUTE_RESTRICT ) || ( $chainref->{table} eq 'raw' && ( $restriction & OUTPUT_RESTRICT ) ) ) {
|
if ( $restriction & PREROUTE_RESTRICT ) {
|
||||||
#
|
#
|
||||||
# Dest interface -- must use routing table
|
# Dest interface -- must use routing table
|
||||||
#
|
#
|
||||||
|
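Review bot: The narrowed test `if ( $restriction & PREROUTE_RESTRICT ) {` has no comment recording why raw-table OUTPUT rules no longer take the routing-table path, so a later reader cannot tell a deliberate back-out from an oversight in a firewall rule generator. I would extend the existing comment to something like `# Dest interface -- must use routing table: only PREROUTING runs before the routing decision; OUTPUT rules (raw table included) can match the outgoing interface directly`. The body of verify_dest_interface continues outside the hunk, so what the other branch emits for a raw-table OUTPUT rule is not visible here and should be confirmed. The manual-page sections on this page also drop the text that described the route-to-address-list substitution, which this branch appears to still perform for PREROUTING rules, so the remaining behaviour may be left undocumented.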
@ -329,39 +329,13 @@
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>DEST ‒
|
<term>DEST ‒
|
||||||
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term>
|
{-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>where <replaceable>interface</replaceable> is the name of a
|
<para>where <replaceable>address-list</replaceable> is a
|
||||||
network interface and <replaceable>address-list</replaceable> is a
|
|
||||||
comma-separated list of addresses (may contain exclusion - see
|
comma-separated list of addresses (may contain exclusion - see
|
||||||
<ulink url="shorewall-exclusion.html">shorewall-exclusion</ulink>
|
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
|
||||||
(5)). If an interface is given:</para>
|
(5)).</para>
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>It must be up and configured with an IPv4 address when
|
|
||||||
Shorewall is started or restarted.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>All routes out of the interface must be configured when
|
|
||||||
Shorewall is started or restarted.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Default routes out of the interface will result in a
|
|
||||||
warning message and will be ignored.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>These restrictions are because Netfilter doesn't support
|
|
||||||
NOTRACK rules that specify a destination interface (these rules are
|
|
||||||
applied before packets are routed and hence the destination
|
|
||||||
interface is unknown). Shorewall uses the routes out of the
|
|
||||||
interface to replace the interface with an address list
|
|
||||||
corresponding to the networks routed out of the named
|
|
||||||
interface.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -225,30 +225,13 @@
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>DEST ‒
|
<term>DEST ‒
|
||||||
[<replaceable>interface</replaceable>|<replaceable>address-list</replaceable>]</term>
|
{-|<emphasis>interface</emphasis>[:<emphasis>address-list</emphasis>]|<replaceable>address-list</replaceable>}</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>where <replaceable>address-list</replaceable> is a
|
<para>where <replaceable>address-list</replaceable> is a
|
||||||
comma-separated list of addresses (may contain exclusion - see
|
comma-separated list of addresses (may contain exclusion - see
|
||||||
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
|
<ulink url="shorewall-exclusion.html">shorewall6-exclusion</ulink>
|
||||||
(5)). If an interface is given:</para>
|
(5)).</para>
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>It must be up and configured with an IPv6 address when
|
|
||||||
Shorewall is started or restarted.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>All routes out of the interface must be configured when
|
|
||||||
Shorewall is started or restarted.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Default routes out of the interface will result in a
|
|
||||||
warning message and will be ignored.</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|