Noc Phibee wrote: > i don't know if it's important, but the asterisk server are on the same > serveur of shorewall
From the comments at the top of /etc/shorewall/tcrules: # For example, all packets # for connections masqueraded to eth0 from other # interfaces can be matched in a single rule with # several alternative SOURCE criteria. However, a # connection whose packets gets to eth0 in a # different way, e.g., direct from the firewall # itself, needs a different rule. # # Accordingly, use $FW in its own separate rule for # packets originating on the firewall. In such a rule, # the MARK column may NOT specify either ":P" or ":F" # because marking for firewall-originated packets # always occurs in the OUTPUT chain. # In other words, you need $FW in the SOURCE column for rules governing traffic that originates on the firewall itself. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
