> Shorewall has one source-match generator and one destination-match
> generator that are used anytime an address match is needed; both accept
> ipsets.

So Source/Destination works the same way no matter where it is specified? Makes perfect sense from a programmer's point of view and makes policy-writing consistent across the board.

> Don't know if you noticed but destination blacklisting should now work
> that way you prefer. Just don't look for a jump in fw2net; blacklisting
> occurs before that chain is entered.

I didn't notice this until your comment above and then read it in the release notes for beta4. That's very good and it was needed - I had to maintain 2 separate files, not to mention that I had to include all interfaces in the blacklisted ipsets. I take it this now works across all interfaces (no matter how many are on the host system) and in both directions, right?
