Tom Eastep wrote on 18/05/2007 11:44:41:

> Eduardo Ferreira wrote:
> > 
> > If I create the extension script /etc/shorewall/extension/ict2fw (ict is
> > my local zone) with this:
> > 
> > #
> > #
> > run_iptables -I eth1_in -s 172.16.243.0/24 -p udp --dport 123 -j DROP
> > 
> 
> Out of curiosity, why do you need to insert this rule rather than just doing
> the same thing in the rules file?
> 
I really was trying to remember why ~/.  IIRC, I had some problems in an 
earlier version of Shorewall (1.x?) years ago when I tried to insert the 
rule - the IP range is not part of the source zone; it is used only when a 
client connects via PPTP to a partner company and receives an IP in this 
range.  Shorewall complained in some bizarre way and I used an extension 
to do the trick.

cheers,


--
Eduardo Ferreira
Icatu Holding S.A.
(21) 3804-8606
