> No -- it must be at the beginning. > In that case if I have a subsequent match(es) should I then assume the latest matching rule takes precedence?
If that is so this is different from the rules file where the first match wins - here is the opposite - the last match wins, is that right (in which case the broader rules should, indeed, be at the beginning)? > No -- Shorewall has always had a policy file. And The compiler complains > (warning) if you add a rule that is, in fact, a policy (e.g. ACTION, > SOURCE, and DEST and nothing else). > I thought wrong then. >> So, I guess what I am really after is something similar to the policy >> file, but for secmarks. >> > > Sorry -- I don't believe that it is worth the effort. > Fair enough Tom. ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
