>However:
>
>shorewall.conf
>~~~~~~~~~~~~~~
>BLACKLIST="NEW,UNTRACKED"
>
>blrules
>~~~~~~~
>New(dropInvalid) $FW net
>dropInvalid $FW net
>WHITELIST $FW:+whitelist net
><EOF>
>
>produces:
>
>-A fw2net -m conntrack --ctstate NEW,UNTRACKED -j fw2net~
>[...]
>-A fw2net~ -m set --match-set whitelist dst -j RETURN
>
>In other words the single RETURN isn't optimised away. When I have:

Patch attached.

-Tom

You do not need a parachute to skydive. You only need a parachute to skydive twice.

RESETOPTS.patch
Description: Binary data
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
