[Shorewall-users] "shorewall add" and hosts not exactly the same?

Tom Eastep teastep at shorewall.net
Sat May 3 09:38:03 PDT 2003


On Sat, 3 May 2003 16:28:13 +0100, Miguel Armas <kuko at maarmas.com> wrote:


> DNAT     pub!auth       fw:192.168.254.1 all    - - !192.168.254.1

That rule is statically created at "shorewall [re]start" and is not changed 
when you add hosts to the 'auth' zone.


>
> So the code can handle DNAT rules to dynamically added hosts, but not the
> exception to DNAT rules??

That's correct.

>
> Maybe it should create a nonat table with the name of the zone (auth_nonat1)
> and add a RETURN rule to that table with the newly added host??
> Is it very complex to implement?

Let me give it some thought...

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep at shorewall.net
