At 10:52 PM 03/22/00 +0100, Marc Heuse wrote:
FW_STOP_KEEP_ROUTING_STATE="yes"
the setting explicitly states "keep routing state". it does not read "keep masquerading state". if you stop the susefirewall, of course also masquerading is disabled. but normally also ip_forwarding/routing is disabled. if you set this option to yes, routing will still be active after stopping.
Hi Marc, Ok, I guess I see where FW_STOP_KEEP_ROUTING_STATE="yes" controls the flag echo 0 > /proc/sys/net/ipv4/ip_forward But it looks from the firewall.rc.config description and the reset_rules() function that the intent was to also leave masquerading enabled. What's the point of not removing the fw_masq chain if FW_STOP_KEEP_ROUTING_STATE="yes"? Are there other rules that might be in fw_masq that I wasn't seeing in my configuration? # If you are using diald, or automatic dialing via ISDN, if packets need # to be sent to the internet, you need to turn this on. The script will then # not turn off routing and masquerading when stopped. Sounds like the intent is that masquerading won't be stopped, especially since fw_masq chain isn't removed when FW_STOP_KEEP_ROUTING_STATE="yes". Bill Moseley mailto:moseley@hank.org -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/