[Shorewall-users] Problem with ICMP Redirect
teastep at shorewall.net
Tue Jun 17 21:21:20 PDT 2003
On Wed, 18 Jun 2003, Martin Chan wrote:
> Yes, it works.
> But can we use it only on one interface? I'm worried that it will affect
> the security on my firewall from the Internet side.
If it was available on an interface basis, I would have recommended that
approach to you. Any routing scheme that sends packets out the same
interface that they came in on is braindead in my opinion; if that's
what you want to do, setting NEWNOTSYN=Yes is the price you pay if you
want to use Shorewall.
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep at shorewall.net