On Oct 10, 2011, at 3:36 PM, Steven Jan Springl wrote:

> The attached minimal config. generates the following rules if
> BLACKLISTNEWONLY=No
>
> -A fw2lan -p 6 --dport 1 -j DROP
> -A fw2lan -p 6 --dport 2 -m conntrack --ctstate ESTABLISHED -j DROP
> -A fw2lan -m conntrack --ctstate ESTABLISHED -j ACCEPT
> -A fw2lan -p 6 --dport 3 -m conntrack --ctstate RELATED -j DROP
> -A fw2lan -j dynamic
> -A fw2lan -j ACCEPT
>
> If BLACKLISTNEWONLY is changed to Yes, the following rules are generated:
>
> -A fw2lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
> -A fw2lan -p 6 --dport 1 -j DROP
> -A fw2lan -p 6 --dport 2 -m conntrack --ctstate ESTABLISHED -j DROP
> -A fw2lan -p 6 --dport 3 -m conntrack --ctstate RELATED -j DROP
> -A fw2lan -m conntrack --ctstate NEW,INVALID -j dynamic
> -A fw2lan -j ACCEPT
>
> It appears that the rules in the RELATED and ESTABLISHED sections would never
> be executed.
>
Steven,

It appears that in trying to work on two releases at the same time this weekend, I dropped my last set of changes. I'll recover them and issue Beta 2.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
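The shadowing reported in the quoted message can be checked mechanically. The following is an added example, not part of the original thread and not Shorewall code: a simplified first-match analysis of the two quoted rule listings that reports any rule fully covered by an earlier terminating rule. The function names and the five-state set are assumptions of the example, and only `-p`, `--dport` and `--ctstate` are modelled.

```python
# Added example: flag iptables rules that an earlier terminating rule fully covers.
# Rule text is copied from the two listings quoted in the message above.
RULES_NO = """\
-A fw2lan -p 6 --dport 1 -j DROP
-A fw2lan -p 6 --dport 2 -m conntrack --ctstate ESTABLISHED -j DROP
-A fw2lan -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A fw2lan -p 6 --dport 3 -m conntrack --ctstate RELATED -j DROP
-A fw2lan -j dynamic
-A fw2lan -j ACCEPT"""
RULES_YES = """\
-A fw2lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A fw2lan -p 6 --dport 1 -j DROP
-A fw2lan -p 6 --dport 2 -m conntrack --ctstate ESTABLISHED -j DROP
-A fw2lan -p 6 --dport 3 -m conntrack --ctstate RELATED -j DROP
-A fw2lan -m conntrack --ctstate NEW,INVALID -j dynamic
-A fw2lan -j ACCEPT"""

# Assumption: a rule without --ctstate matches every conntrack state.
ALL_STATES = frozenset({"NEW", "ESTABLISHED", "RELATED", "INVALID", "UNTRACKED"})
# Built-in targets that end traversal; a jump to a user chain may return.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse(line):
    """Parse one rule; every token in these listings is an option/value pair."""
    tok = line.split()
    opt = dict(zip(tok[0::2], tok[1::2]))
    states = opt.get("--ctstate")
    return {"proto": opt.get("-p"), "dport": opt.get("--dport"),
            "states": frozenset(states.split(",")) if states else ALL_STATES,
            "target": opt["-j"], "text": line}

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier["proto"] in (None, later["proto"])
            and earlier["dport"] in (None, later["dport"])
            and earlier["states"] >= later["states"])

def shadowed(ruleset):
    """Return (unreachable rule, rule that shadows it) pairs, in chain order."""
    rules = [parse(l) for l in ruleset.splitlines()]
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["target"] in TERMINATING and covers(earlier, later):
                hits.append((later["text"], earlier["text"]))
                break
    return hits

if __name__ == "__main__":
    for name, rs in (("BLACKLISTNEWONLY=No", RULES_NO), ("BLACKLISTNEWONLY=Yes", RULES_YES)):
        print(name, shadowed(rs) or "no shadowed rules")
```

The check is pairwise only: it does not detect a rule made unreachable by the combined effect of several earlier rules.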
