On Thu, 2006-12-10 at 15:52 -0700, Tom Eastep wrote: > How about if I add a 'maclist' extension script? It would be invoked just > before > logging. That way, you can place your 'run_iptables -A' command in that script > and they will be inserted at the proper place in the chain.
Sounds decent. > That gives you all > the flexibility you need -- you can even make your file a one-liner: > > run_iptables -A $CHAIN -j Drop So $CHAIN is defined to be the name of the relevant chain when the script is invoked? > And I'd be happy to slip that into the next 3.2 release :-) Nice. :-) The whole thing seems pretty good to me. b. -- My other computer is your Microsoft Windows server. Brian J. Murrell
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
