> That doesn't need Shorewall support -- just set that context first for NEW > connections then override it for specific applications. > I was not sure is the matching mechanism in secmarks the same as in the rules file (i.e. first match wins)?
If that is so, then - you are right - I could include a capture-all rule for this 'dummy' context right at the end, but this is also true for the policy and rules files as well - I could always include a capture-all ALLOW/DENY at the end of the rules file and that will, in effect, be the same as specifying exactly the same thing in policy file, wouldn't it (in fact, I think I remember in the early Shorewall versions that used to be the case, right?)? So, I guess what I am really after is something similar to the policy file, but for secmarks. ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
