On 02/18/2013 10:39 AM, Igor Sverkos wrote:> Hi,
>
> I am not sure if I found a bug in shorewall''s interface man page.
>
> In [1]:
>
>> sourceroute[={0|1}]
>>
>> If this option is not specified for an interface,
>> then source-routed packets will not be accepted
>> from that interface
>> (sets /proc/sys/net/ipv4/conf/interface/accept_source_route to 1).
>> ...
>
> Isn''t that wrong? I mean which value should
>
> /proc/sys/net/ipv4/conf/interface/accept_source_route
>
> have, when this option isn''t set? The documentation says
"sets to 1",
> but the parameter is named *accept*_source_route -- so when the
> parameter will be set to 1, this interface *will* accept source-routed
> packets... but the text above says "if this option is not specified,
> *no* source-routed packets will be accepted".
>
> What''s right now?
The manpage is definitely wrong. If ''sourceroute''
isn''t specified, then
Shorewall doesn''t change the setting of
/proc/sys/net/ipv4/conf/<interface>/accept_source_route.
Thanks for bringing this to our attention.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet,
is your hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials, tech docs,
whitepapers, evaluation guides, and opinion stories. Check out the most
recent posts - join the conversation now. http://goparallel.sourceforge.net/