On 9/14/10 1:07 PM, Mr Dash Four wrote:
>
>> 1) The OPTIONS column in the blacklists file may now be a comma-
>> separated list of 'to' and 'from'. Duplicates are ignored with a
>> warning message.
>>
> I am trying to use this (with ipsets and "from,to" specified in the
> options column), but I don't think it works!

It's broken in Beta 4.

>
> I looked at "shorewall show" and the only difference I can spot (between
> using no option and "from,to" in the option column) is one additional
> chain (blocklist I think it was called), which is only referenced by
> eth0_fwd, which in itself has 0 references. Trying to initiate a
> connection to a banned address "succeeds" (it is stopped by the "manual"
> drop statements I have in my fw2net chain).
>
> I remember you mentioned something about blocklist=1 and blocklist=2,
> but there is nothing in "man shorewall.conf" or "man blacklist".

Man shorewall-interfaces.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
