On Wed, Jan 03, 2007 at 07:44:10AM -0800, Tom Eastep wrote: > Roberto C. Sanchez wrote: > > > > SSH/ACCEPT net:w.x.y.z/a $FW > > SSH/ACCEPT net $FW - - - - > > 1/min:2 > > > > You are headed in the right direction. >
Works like a charm. To confirm, though, the non-rate limited rule must come first as it is more restrictive in the hosts to which it applies, correct? If the order were reversed, I imagine everything would match the first, as it is more general and then nothing would get past it. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
