> When multiple matches are specified, the compiler will keep them in > the order in which they appear, but they will not necessarily be at > the end of the generated rule. For example, if addresses are > specified in the SOURCE and/or DEST columns, their generated matches > will appear after those specified using ';'. > rules ~~~~~ INLINE $FW net ; -m mickey-mouse --name test -p 6 -m set --match-set set1 src -m mickey-mouse --name test2 -j SECCTX --name test3
generates -A fw2net -p 6 -m mickey-mouse --name test -m mickey-mouse --name test2 -m set --match-set set1 -j SECCTX --name test3 > As part of this change, a new 'builtin' action type has been added. > ip[6]tables targets not supported by Shorewall (such as 'SECCTX' in > the example above), must be defined in your > /etc/shorewall[6]/actions file: > > Example: > > SECCTX builtin > That now works and error is issued when "SECCTX" is not in actions. ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
