On 8/23/10 4:08 PM, Steven Jan Springl wrote:
> Tom
>
> The attached config contains just 2 rules.
> The first rule correctly generates the following iptables rules:
>
> -A fw2dmz -p tcp -m tcp --dport 23 -j ACCEPT
> -A lan2dmz -p tcp -m tcp --dport 23 -j ACCEPT
>
> However, the second rule generates the following iptables rules:
>
> -A dmz2dmz -p tcp -m tcp --dport 25 -j ACCEPT
> -A dmz2dmz -j ACCEPT
>
> Is this correct?

The second iptables rule is generated by the implicit dmz->dmz ACCEPT policy. However, your second rule should have generated no iptables rules since you specified 'all' rather than 'all+'. I'll take a look.

Thanks, Steven
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
