> That's the best way to do what you are trying to do. > I have some more twisted ones (when I have source ip,port pairs and a destination ip-port set) and Shorewall just about manages to fit this, but it is just.
> I'll think about an alternative syntax for 4.4.14... > This is useful when I have to restrict traffic to various IP,Port hosts which use different protocols. Personal VPN is a good example - you have various hosts with different ip,port pair combinations and you also have them use either tcp or udp depending on that pair. Currently, on one of my machines I issue two identical statements (like the one I listed in my initial post), but one for tcp and one for udp protocols, which isn't the most efficient way and I'd rather be able to specify IP,port,protocol as a triplet (dst,dst,dst) than make two statements covering all bases (I also have to make two sets - one for udp and one for tcp which is not very convenient). ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
