[isf-wifidog] Uh oh! We apologize ...

Mina Naguib webmaster at topfx.com
Fri Mar 11 21:08:08 EST 2005


Mina Naguib wrote:
| I was thinking of the laborious way of doing it:
|
| After config file is parsed, if external interface is undefined,
| populate it based on the default route
|
| After that point, external interface is guaranteed to be known and we
| can lock-down the offending rule.
|
| Can anyone think of drawbacks of doing it this way?

This issue is fixed now in CVS.

Initially I implemented it as described above, but it didn't work.
iptables refused to add a rule like "-i foo -o bar" to the
nat.PREROUTING chain because, at that time, the routing decision has not
happened so it's unknown which output interface the packet will take.

I then implemented a much simpler solution (which I don't know why I
didn't think of earlier).  Allow all traffic coming from the internal
interface destined to the internal IP.  I did it cleanly with a new
chain called from nat.PREROUTING.



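The two approaches described in the message above, as an added example that is not part of the original post or of WiFiDog's code: a small check of where iptables permits `-i` and `-o` in built-in chains, and a dry-run generator for the rules that match on input interface and destination address instead. The chain name `Example_ToGateway`, the interface names `br0`/`eth0` and the address `192.168.1.1` are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration, not WiFiDog code. The chain name, interface names and
# address used below are assumptions made for the example.

# Netfilter only knows the output interface after routing, so for built-in chains:
#   -i is valid in PREROUTING, INPUT, FORWARD
#   -o is valid in FORWARD, OUTPUT, POSTROUTING
# rule_ok CHAIN ARGS... -> exit status 0 if the interface matches are legal.
rule_ok() {
    rk_chain=$1
    shift
    for rk_arg in "$@"; do
        case "$rk_arg" in
            -o|--out-interface)
                case "$rk_chain" in
                    FORWARD|OUTPUT|POSTROUTING) ;;
                    *) return 1 ;;
                esac ;;
            -i|--in-interface)
                case "$rk_chain" in
                    PREROUTING|INPUT|FORWARD) ;;
                    *) return 1 ;;
                esac ;;
        esac
    done
    return 0
}

# gen_rules INTERNAL_IF INTERNAL_IP -> prints (does not run) the commands for
# the approach that worked: match on input interface and destination address.
gen_rules() {
    gr_chain=Example_ToGateway    # hypothetical chain name
    echo "iptables -t nat -N $gr_chain"
    echo "iptables -t nat -A PREROUTING -i $1 -j $gr_chain"
    echo "iptables -t nat -A $gr_chain -d $2 -j ACCEPT"
}

# Dry run with constructed values.
if rule_ok PREROUTING -i br0 -o eth0; then
    echo "first attempt: accepted"
else
    echo "first attempt: rejected, -o cannot be matched in PREROUTING"
fi
gen_rules br0 192.168.1.1
```

The ACCEPT ends nat.PREROUTING traversal for matching packets, so the jump only has an effect if it sits ahead of the rule it is meant to bypass.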