On Wednesday 24 January 2007 18:50, Tom Eastep wrote: > Noc Phibee wrote: > > i don't know if it's important, but the asterisk server are on the same > > serveur of shorewall
bingo... > > From the comments at the top of /etc/shorewall/tcrules: > > # For example, all packets > # for connections masqueraded to eth0 from other > # interfaces can be matched in a single rule with > # several alternative SOURCE criteria. However, a > # connection whose packets gets to eth0 in a > # different way, e.g., direct from the firewall > # itself, needs a different rule. > # > # Accordingly, use $FW in its own separate rule for > # packets originating on the firewall. In such a > rule, # the MARK column may NOT specify either ":P" > or ":F" # because marking for firewall-originated > packets # always occurs in the OUTPUT chain. > # > > In other words, you need $FW in the SOURCE column for rules governing > traffic that originates on the firewall itself. ...bongo :-) > > -Tom ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
