On 5/26/11 4:49 PM, Mr Dash Four wrote: > >> You must be blacklisting 'out' traffic on the test machine. >> > So, is this "ctstate INVALID,NEW" supposed to appear when I have 'out' > traffic blocked? Because I have this now in my blacklist: > > +whitelist - - whitelist,src,dst > +test - - src,dst > > and I am still getting the same thing - "ctstate INVALID,NEW"!
Right -- you have BLACKLISTNEWONLY=No, correct? > > Also, when I have A_AUDIT/A_DROP (the new jumps) involved in the Drop > and Reject actions the comments in those two chains are assumed from the > first use of these (AAllowICMPTypes and Auth from the default Drop and > Reject actions in my case), so I think you need to remove these as they > are misleading. Yep. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
