[Olsr-dev] [Olsr-users] Insert routes into multiple tables

List Receiver (spam-protected)
Fri Dec 5 02:03:35 CET 2008


> Ehm... some misunderstanding here.  Perhaps we're not speaking of the
> same
> piece of software?
> 
> The Shorewall that I'm speaking about is a firewall configuration tool.
> As
> such, it is designed to manage the kernel's packet filtering tables.
> 
> The olsrd that I'm speaking about is a routing daemon.  As such, it is
> designed to manage the kernel's routing tables.
> 
> If I sound like I am throwing stones, that is merely because I don't
> understand why a firewall configuration tool should be maintaining
> routing
> tables.
> 
>                                         Juliusz

No, I think we're talking about the same software.  Routing is still
part of a firewall's job, so I don't think it's at all outside of the
realm of reasonable involvement for Shorewall to modify routing tables.
In some cases, like proxyarp, it has to modify routing tables in order
to do what it's supposed to do.  In my case, the multi-ISP functionality
is closely tied to routing tables in order to direct traffic to the 
desired/appropriate interfaces.  Or how about the ability to null-route
rfc1918 traffic instead of reject it?  There really are many legitimate 
instances where a firewall configuration tool *has* to modify routing
tables in order to do what it does.

After all, what would a firewall be without routing? (the answer is null )

The question, in my mind, is more about *how* it's modifying the tables
and how tolerant other applications are of those modifications.  My initial
configuration was not tolerant, but (no thanks to this list) my current
configuration is tolerant of the way OLSR wants to work.

While I was able to get around OLSR's current limitations, I was hoping
some folks might realize that there may be some isolated instances where
having a bit of flexibility would count for something.  The Shorewall
devs realize this.

Just a thought...do with it as you like.




More information about the Olsr-dev mailing list