On 09/23/2010 10:56 AM, Mr Dash Four wrote:
>
>> No -- it must be at the beginning.
>>
> In that case if I have a subsequent match(es) should I then assume the
> latest matching rule takes precedence?

SECMARK rules, like MARK rules, are non-terminating. So even when a rule
matches, the packet is passed on to the next rule.

>
> If that is so this is different from the rules file where the first
> match wins - here is the opposite - the last match wins, is that right
> (in which case the broader rules should, indeed, be at the beginning)?

Yes -- same as in the tcrules file.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
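The evaluation order discussed in this thread, as an added example that is not part of the original messages and is not Shorewall code: a small model of non-terminating (last match wins) versus terminating (first match wins) rule evaluation, plus a check that flags rules a later, broader rule will always override. The `Rule` class, the two SELinux labels and the reduction of matching to protocol and destination port are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    label: str                   # security context to apply (constructed sample value)
    proto: Optional[str] = None  # None means "any protocol"
    dport: Optional[int] = None  # None means "any destination port"

    def matches(self, pkt):
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return (self.proto in (None, other.proto)
                and self.dport in (None, other.dport))

def last_match(rules, pkt):
    """Non-terminating evaluation: each matching rule re-marks the packet."""
    label = None
    for rule in rules:
        if rule.matches(pkt):
            label = rule.label   # keep going; a later match overwrites this
    return label

def first_match(rules, pkt):
    """Terminating evaluation, shown for contrast."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.label
    return None

def overridden(rules):
    """Indices of rules whose mark a later, equal-or-broader rule always replaces."""
    return [i for i, rule in enumerate(rules)
            if any(later.covers(rule) for later in rules[i + 1:])]

# Constructed sample rules and packet (hypothetical labels).
BROAD = Rule("system_u:object_r:default_packet_t:s0")
WEB = Rule("system_u:object_r:http_packet_t:s0", proto="tcp", dport=80)
PKT = {"proto": "tcp", "dport": 80}

if __name__ == "__main__":
    print("broad first :", last_match([BROAD, WEB], PKT))
    print("narrow first:", last_match([WEB, BROAD], PKT))
    print("overridden  :", overridden([WEB, BROAD]))
```

With the narrow rule listed first, the port-80 packet ends up with the broad label, and `overridden` reports index 0 as dead, which is the ordering mistake the thread warns about.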
