> 1) Multiple source or destination ipset matches can be generated by > enclosing the ipset list in [...]. > > Example (/etc/shorewall/rules): > > ACCEPT $FW net:+[dest-ip-map,dest-port-map] > Converting the 'old' format from "$FW:!+dest-port[dst] net:+dest-net" to "$FW net:+[dest-net,!dest-port]" gives me ERROR: Invalid DEST Converting the 'old' format from "$FW:+dest-port[dst] net:!+dest-net" to "$FW net:+[!dest-net,dest-port]" gives me ERROR: Missing ']' (+[) Converting the 'old' format from "$FW:!+dest-port[dst] net:!+dest-net" to "$FW net:!+[dest-net,dest-port]" gives me ERROR: An ipset name (+[dest-net,dest-port]) is not allowed in this context
------------------------------------------------------------------------------ Virtualization is moving to the mainstream and overtaking non-virtualized environment for deploying applications. Does it make network security easier or more difficult to achieve? Read this whitepaper to separate the two and get a better understanding. http://p.sf.net/sfu/hp-phase2-d2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
