I'm in the process of setting up a new Shorewall box and have bumped into a limitation that I'm hoping someone can explain to me: the inability of custom actions to make use of REDIRECT. It seems it would be a very useful thing to use, so I wonder why it is omitted.

In my case, several of the zones are "managed" by the firewall such that certain services (DNS, NTP, HTTP, ...) get redirected to appropriate internal services (DNS cache, local NTP server, web proxy, ...) to improve service. It would be nice to be able to create a custom action which performed all of these and then simply use lines in /etc/shorewall/rules to mark the zones as managed.

Example:

  # /etc/shorewall/action.Manage
  REDIRECT - zone1:$IP_DNS   tcp domain
  REDIRECT - zone1:$IP_DNS   udp domain
  REDIRECT - zone1:$IP_SQUID tcp www
  REDIRECT - zone1:$IP_NTP   udp ntp

  # /etc/shorewall/rules
  Manage zone2
  Manage zone3
  Manage zone4

So perhaps someone can explain to me why custom rules omit REDIRECT?

TIA,

-- 
Dark "Best destruction of cello with plaster porpoise" R.
"Hi, I killed the president of Paraguay with a fork. How have you been?" --Martin Blank, Grosse Pointe Blank

-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
Dark Ryder wrote:
>
> So perhaps someone can explain to me why custom rules omit REDIRECT?
>

Because I'm not smart enough to make it work right.

In 2.5, there is a 'macro' facility that works very similar to actions and that allows DNAT and REDIRECT.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On 2005.08.08 10:47:43, Tom Eastep wrote:
> Dark Ryder wrote:
> > So perhaps someone can explain to me why custom rules omit REDIRECT?
>
> Because I'm not smart enough to make it work right.

Oooh, I *hate* that one. I'm running into the same problem right now trying to get my /etc/shorewall/init to automagically pull IPs and MACs from my dhcpd.conf. :-)

> In 2.5, there is a 'macro' facility that works very similar to actions and
> that allows DNAT and REDIRECT.

Then I shall very much look forward to it. Thanks for the quick response!

-- 
Dark "the shortest distance between two jokes is a straight line" R.
"Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen an angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had." --Linus Torvalds