On Thu, Nov 15, 2018 at 03:20:38PM -0000, Steven Schroeder wrote:
> The problem is that I receive traps from hundreds of subnets that need
> to be forwarded to our noc and they are always adding new subnets, so
> the catch-all was an attempt to not have to worry about missing traps
> to the noc when new subnets are turned up.
>
> Select subnets within those hundreds of subnets have to also forward
> to a second destination IP.
>
> This is what I have in place as of this morning: the first rule is
> sending all traps received to the noc. I added the second rule, which
> stops traps from being sent to the noc but does forward to the second
> destination, which is good, but I still need that to go to the noc as
> well.
Are you saying that you need to duplicate the packet to both the noc and
the second destination? That's not possible with firewalld rich rules.
It sounds like you want something like the iptables TEE extension, in which
case you'll have to use --direct rules. See the iptables-extensions man
page.