[Shorewall-devel] Fwd: Bug#268999: shorewall: Allow action templates to use DNAT target
mfedyk at matchmail.com
Thu Sep 2 16:44:22 PDT 2004
Hi all in the ShoreWall community,

[please CC me since I'm not on the list]

I had been using FIAIF for a little while, and the setup of ShoreWall
has been much easier, the config for each operation in one place, and
I'm very happy with it.

That said, it looks like one of the concepts could be taken a bit
further. In this case, it is actions.

To get the process started, I filed this bug in the Debian BTS:
>Allow action templates to use DNAT target:
>Adding this feature would enable you to make a rule like
>Action net dmz:192.0.2.177 tcp 25
>that forwards multiple ports with DNAT targets as needed in the action file.
>It would leave the src and dest unmodified and use them as the src and
>dest for each line with a DNAT target in the action file.
> complaining about port numbers in src or dest on the action caller of course

Now, let me go into a little more detail. Right now, AFAIK, actions are
limited to a single target, be that ACCEPT, DNAT, etc.

What I would like to do is refer to one action, and call it from
different rules to use those ports in the action file for DNAT, ACCEPT,
REJECT, etc. Right now, you need a different action for each variation.

What do you guys think of this?