On 09/03/2018 05:17 PM, Thomas Deutschmann wrote:
> Hi,
>
> what's the current status of this feature request?
>
> Is the required change already included within shorewall-5.2.1 RC1?
>
> I would like to test it. Can you show me an example?
>

Hi Thomas,

Yes, the feature is in 5.2.1 RC 1. It is described in New Features #3, #4
and #5 in the release notes.

Assuming that you haven't changed the firewall mark geometry (*_BITS and
*_OFFSET in shorewall.conf), changes are:

shorewall.conf:

    TC_EXPERT=Yes

providers:

    NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY  OPTIONS  COPY
    proxy  1       -     -          lo         -        tproxy

mangle:

    #ACTION           SOURCE        DEST
    DROP:T            127.0.0.0/8   !lo
    RESTORE(0x200):NO {USER=sslh, TEST=0x200/0x200:C} / ;;+ -p tcp --tcp-flags FIN,SYN,RST,ACK SYN

Please let me know how it worked...

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users