Tom,

When /etc/shorewall/notrack contains the following:

    lan:eth0 eth0:192.168.0.42 udp 999 1234

the shorewall compiler rejects it. However, if the following exclusion is specified:

    lan:eth0 eth0:!192.168.0.42 udp 999 1234

the shorewall compiler allows it, but the following invalid iptables rule is generated (two -d parameters):

    -A lan_notrk -p 17 --dport 999 --sport 1234 -i eth0 -d 192.168.0.5 -d ! 192.168.0.42 -j NOTRACK

Steven.
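A check for the failure described in the report, as an added example that is not part of the original message or of Shorewall: it scans generated iptables rules for source, destination, interface or protocol matches that appear more than once in a single rule. The function names are hypothetical, and the second sample rule is constructed for comparison.

```python
import shlex
from collections import defaultdict

# Matches that iptables accepts at most once per rule (short and long forms).
SINGLE_USE = {
    "-s": "source", "--source": "source", "--src": "source",
    "-d": "destination", "--destination": "destination", "--dst": "destination",
    "-i": "in-interface", "--in-interface": "in-interface",
    "-o": "out-interface", "--out-interface": "out-interface",
    "-p": "protocol", "--protocol": "protocol",
}

def repeated_matches(rule):
    """Return {match name: [values]} for single-use matches given more than once."""
    tokens = shlex.split(rule)
    seen = defaultdict(list)
    i = 0
    while i < len(tokens):
        name = SINGLE_USE.get(tokens[i])
        if name is None:
            i += 1
            continue
        negated = i > 0 and tokens[i - 1] == "!"   # newer form: ! -d addr
        i += 1
        if i < len(tokens) and tokens[i] == "!":    # older form: -d ! addr
            negated = True
            i += 1
        value = tokens[i] if i < len(tokens) else ""
        seen[name].append(("!" if negated else "") + value)
        i += 1
    return {k: v for k, v in seen.items() if len(v) > 1}

def check_ruleset(lines):
    """Return (line number, repeated matches) for every -A rule that fails."""
    return [(n, bad) for n, line in enumerate(lines, 1)
            if line.startswith("-A ") and (bad := repeated_matches(line))]

# First rule is the one quoted in the report; the second is constructed.
SAMPLE = [
    "-A lan_notrk -p 17 --dport 999 --sport 1234 -i eth0 "
    "-d 192.168.0.5 -d ! 192.168.0.42 -j NOTRACK",
    "-A lan_notrk -p 17 --dport 999 --sport 1234 -i eth0 "
    "! -d 192.168.0.42 -j NOTRACK",
]

if __name__ == "__main__":
    for lineno, bad in check_ruleset(SAMPLE):
        print(f"rule {lineno}: repeated match {bad}")
```

Running a check like this over the compiler's output before loading it catches the duplicated `-d` without relying on iptables to reject the rule at load time.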
