search for: _fwd

The rule structure for handling complex zones (those requiring entries in /etc/shorewall/hosts) has been improved through the addition of an intermediate forwarding chain. For those who have such zones, this change can substantiallyreduce the number of rules in the <interface>_fwd chains. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net

...be transparent and now it is (fewer surprises). Also avoids extra rules created by "Z Z ACCEPT" policies. b) Using the NONE policy, you can reduce the number of rules that packets must traverse by removing the rules for impossible source/destination combinations in the <interface>_fwd chains. The disadvantages are: a) This is an incompatible change. 1 - if you have intra-zone policies and/or rules, they must be removed. 2 - if you have multiple subnets connected to a single interface and you want Shorewall to route between them then you must define them in the /etc/sh...