> Set blacklist=1 on eth0.
>

Right, so in other words blacklist=2 only blocks forwarded traffic passing through this interface destined to nets in the blacklist with the 'to' option.

Wouldn't it be easier to just use 'fwd' as the blacklist option - 'to' with blacklist=2 is very different from 'to' and blacklist=1, you can just have 'blacklist' and choose between 'from', 'to' (as if blacklist=1) and, say, 'fwd' (as if blacklist=2) - no need for so many permutations when these 3 options in the blacklist file alone will cover everything you'll ever need.

As I wrote previously - confusing.
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
