>> This is a natural consequence of making blacklisting a zone-related
>> attribute rather than an interface-related attribute. Interface-oriented
>> filtering comes first; so if more than one zone shares an
>> Internet-facing interface then interface-related filtering can occur
>> prior to zone-related filtering.
>>
>
> I have added logic to promote jumps to 'blacklst' ahead of
> interface-specific filtering rules. See the attached output.
>

That's good. I also tested a multi-interface setup and all is well - inter-zone blacklisting works, no problem (that is something I wasn't sure how it would pan out). SECMARKS also works - I tested it thoroughly; the only thing which I would aim to find out in the coming week or so is the secmark numbers to context mapping, as at present I am only guessing by looking at those numbers.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
