Mr Thomas:
i think your work is very well. but i can''t understand why you put
the
filter rule ,Dnat and redirect rule altogether. i think it is very
difficult to understand .
thank you
Mr Tan
_________________________________________________________________
ÓëÁª»úµÄÅóÓѽøÐн»Á÷£¬ÇëʹÓà MSN Messenger:
http://messenger.microsoft.com/cn
On Sat, 8 Jun 2002, [gb2312] Ì· Êï¹â wrote:> i think your work is very well. but i can''t understand why you put the > filter rule ,Dnat and redirect rule altogether. i think it is very > difficult to understand .Sorry -- most people prefer to maintain one rule instead of two so Shorewall creates both the ''nat'' and ''filter'' table entries from the single rule. That''s not going to change... -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
On Sat, 8 Jun 2002, Tom Eastep wrote:> On Sat, 8 Jun 2002, [gb2312] Ì· Êï¹â wrote: > > > i think your work is very well. but i can''t understand why you put the > > filter rule ,Dnat and redirect rule altogether. i think it is very > > difficult to understand . > > Sorry -- most people prefer to maintain one rule instead of two so > Shorewall creates both the ''nat'' and ''filter'' table entries from the > single rule. That''s not going to change... >To follow up -- do you find the syntax in Shorewall 1.3 easier to understand than what was in Shorewall 1.2? I admit that the syntax in 1.2 was difficult for people to grasp. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net