[Shorewall-devel] Fwd: Bug#268999: shorewall: Allow action templates to use DNAT target

Mike Fedyk mfedyk at matchmail.com
Thu Sep 2 16:44:22 PDT 2004


Hi all in the Shorewall community,

[please CC me since I'm not on the list]

I had been using FIAIF for a little while, and the setup of Shorewall
has been much easier, with the config for each operation in one place, and
I'm very happy with it.

That said, it looks like one of the concepts could be taken a bit 
further.  In this case, it is actions.

To get the process started, I filed this bug in the Debian BTS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=268999

>Allow action templates to use DNAT target:
>
>  
>Package: shorewall
>Version: 2.0.7-2
>Severity: wishlist
>
>Adding this feature would enable you to make a rule like
>
>Action 	    net      dmz:192.0.2.177  tcp    25
>
>that forwards multiple ports with DNAT targets as needed in the action file.
>
>It would leave the src and dest unmodified[1] and use them as the src and
>dest for each line with a DNAT target in the action file.
>
>[1] complaining about port numbers in src or dest on the action caller of course
>
Now, let me go into a little more detail.  Right now, AFAIK, actions are
limited to a single target, be that ACCEPT, DNAT, etc.

What I would like to do is refer to one action, and call it from
different rules to use those ports in the action file for DNAT, ACCEPT,
REJECT, etc.  Right now, you need a different action for each variation.

What do you guys think of this?

