On 9/17/10 4:31 PM, Tom Eastep wrote: > > COM_IF_fwd is similar. > > I'm not sure whether or not I'll be able to do anything about this in > the short term. >
This is a natural consequence of making blacklisting a zone-related attribute rather than an interface-related attribute. Interface-oriented filtering comes first; so if more than one zone shares an Internet-facing interface then interface-related filtering can occur prior to zone-related filtering. C'est la vie... -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
