On Tuesday 11 October 2011 00:47:12 Tom Eastep wrote:
> On Oct 10, 2011, at 4:26 PM, Tom Eastep wrote:
> > On Oct 10, 2011, at 3:36 PM, Steven Jan Springl wrote:
> >> The attached minimal config. generates the following rules if
> >> BLACKLISTNEWONLY=No
> >>
> >> -A fw2lan -p 6 --dport 1 -j DROP
> >> -A fw2lan -p 6 --dport 2 -m conntrack --ctstate ESTABLISHED -j DROP
> >> -A fw2lan -m conntrack --ctstate ESTABLISHED -j ACCEPT
> >> -A fw2lan -p 6 --dport 3 -m conntrack --ctstate RELATED -j DROP
> >> -A fw2lan -j dynamic
> >> -A fw2lan -j ACCEPT
> >>
> >> If BLACKLISTNEWONLY is changed to Yes, the following rules are
> >> generated:
> >>
> >> -A fw2lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
> >> -A fw2lan -p 6 --dport 1 -j DROP
> >> -A fw2lan -p 6 --dport 2 -m conntrack --ctstate ESTABLISHED -j DROP
> >> -A fw2lan -p 6 --dport 3 -m conntrack --ctstate RELATED -j DROP
> >> -A fw2lan -m conntrack --ctstate NEW,INVALID -j dynamic
> >> -A fw2lan -j ACCEPT
> >>
> >> It appears that the rules in the RELATED and ESTABLISHED sections would
> >> never be executed.
> >
> > It appears that in trying to work on two releases at the same time this
> > weekend, I dropped my last set of changes. I'll recover them and issue
> > Beta 2.
>
> Steven,
>
> The missing part was not very big so I just created a patch.
>
> Thanks,
> -Tom
>
Tom

Confirmed, the patch works.

Thanks.

Steven.

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
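
The shadowing reported in this thread can be checked mechanically. The Python sketch below is an added example, not part of the original messages or of Shorewall's code; its function names are hypothetical, it accepts only the rule syntax quoted above, and it compares each rule against single earlier rules only, not against unions of earlier rules.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
KNOWN = {"-A", "-p", "--dport", "-m", "--ctstate", "-j"}  # each takes one argument

# Rule set from the thread with BLACKLISTNEWONLY=Yes, copied verbatim.
NEWONLY_YES = """\
-A fw2lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A fw2lan -p 6 --dport 1 -j DROP
-A fw2lan -p 6 --dport 2 -m conntrack --ctstate ESTABLISHED -j DROP
-A fw2lan -p 6 --dport 3 -m conntrack --ctstate RELATED -j DROP
-A fw2lan -m conntrack --ctstate NEW,INVALID -j dynamic
-A fw2lan -j ACCEPT""".splitlines()

def parse_rule(line):
    """Parse the small iptables subset used in the thread; reject anything else."""
    tok = shlex.split(line)
    opts = dict(zip(tok[::2], tok[1::2]))
    if len(tok) % 2 or set(opts) - KNOWN or "-j" not in opts:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    states = opts.get("--ctstate")
    return {"proto": opts.get("-p"), "dport": opts.get("--dport"),
            "states": frozenset(states.split(",")) if states else None,
            "target": opts["-j"]}

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    for key in ("proto", "dport"):
        if a[key] is not None and a[key] != b[key]:
            return False
    if a["states"] is None:          # no state match: a accepts any state
        return True
    return b["states"] is not None and b["states"] <= a["states"]

def find_shadowed(lines):
    """Return (rule_no, shadowing_rule_no) pairs, 1-based, for unreachable rules."""
    rules = [parse_rule(l) for l in lines]
    hits = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if earlier["target"] in TERMINATING and covers(earlier, later):
                hits.append((j + 1, i + 1))
                break
    return hits

if __name__ == "__main__":
    for rule_no, by in find_shadowed(NEWONLY_YES):
        print(f"rule {rule_no} can never match: shadowed by rule {by}")
```

Protocols are compared as literal strings, so `-p 6` and `-p tcp` would be treated as different protocols by this sketch.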