>> If you can't find an easy solution to this, not to worry - I could
>> always include the entire rule after ";" and leave the bare minimum
>> (<src> and <dst>) on the left side of ";". I am not sure how this would
>> impact the optimiser though.
>>
>
> The only possible issue will be multiple instances of the same match.
>

You mean multiple instances after ";" or on both sides of ";"? Either way, I would say Shorewall have done a pretty good job of sanitising various silly combinations/scenarios, so allowing for multiple matches (which was expected anyway, given the nature of INLINE) isn't really a big deal I would think.

>> 6.
>> rules
>> ~~~~~
>> INLINE $FW:10.1.1.1 net:+mickey-mouse ; ! -m mickey-mouse --name test2
>>
>> produces
>>
>> -A fw2net -s 10.1.1.1 -m mickey-mouse ! --name test2 -m set --match-set
>> mickey-mouse dst
>>
>> I presume the "!" will mess things up if I try other such combinations,
>> so I am not fully testing this for the time being.
>>
>
> The compiler actually did the 'right' thing there, even though what you
> entered was not valid iptables syntax.
>

Yeah, I realised that as soon as I reported it. Shorewall should have at least warned me though.

>> One query: are parameters accepted in the bit after ";"? Something like
>> "INLINE $FW net ; ! -m my-owner --owner $MY_UID -j DROP"?
>>
>
> Yes.
>

Yep, that was just tested as well. I'll do a little more testing tomorrow during the day (it's my day off, so I will have more time then) and report back if I find anything.

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel