> 1)  The OPTIONS column in the blacklists file may now be a comma-
>     separated list of 'to' and 'from'. Duplicates are ignored with a
>     warning message.
>   
I am trying to use this (with ipsets and "from,to" specified in the 
options column), but I don't think it works!

I looked at "shorewall show" and the only difference I can spot (between 
using no option and "from,to" in the option column) is one additional 
chain (blocklist I think it was called), which is only referenced by 
eth0_fwd, which in itself has 0 references. Trying to initiate a 
connection to a banned address "succeeds" (it is stopped by the "manual" 
drop statements I have in my fw2net chain).

I remember you mentioned something about blocklist=1 and blocklist=2, 
but there is nothing in "man shorewall.conf" or "man blacklist".


_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
