Tom,

The following rules:

    CONTINUE lan:192.168.0.0/24,!192.168.0.3 $FW tcp 23
    ACCEPT lan:192.168.0.0/24 $FW tcp 21

produce the following iptables rules:

    -A lan2fw -p tcp --dport 23 -s 192.168.0.0/24 -j exc10
    -A lan2fw -p tcp -dport 21 -j ACCEPT
    -A exc10 -s 192.168.0.3 -j RETURN
    -A exc10 -j RETURN

It appears to me that no matter what the source IP address is, the CONTINUE is not performed, as both iptables rules in the exc10 chain will return to the lan2fw chain.

The policy file contains:

    fw all ACCEPT:
    all all DROP warn

The zones file contains:

    fw firewall
    lan ipv4

Steven.
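Added example, not part of the original message: a minimal model of chain traversal over the four iptables rules quoted above, comparing a port 23 packet from the excluded host with one from another LAN host. The tuple layout and function names are assumptions made for this illustration, and only user-chain jumps, RETURN and ACCEPT are modelled.

```python
import ipaddress

# The four rules from the message as (chain, match, target).
# Assumption: the "-dport 21" rule is read as a destination-port match.
RULES = [
    ("lan2fw", {"proto": "tcp", "dport": 23, "src": "192.168.0.0/24"}, "exc10"),
    ("lan2fw", {"proto": "tcp", "dport": 21}, "ACCEPT"),
    ("exc10", {"src": "192.168.0.3"}, "RETURN"),
    ("exc10", {}, "RETURN"),
]

def matches(match, pkt):
    """True when every condition present in the rule holds for the packet."""
    if "proto" in match and match["proto"] != pkt["proto"]:
        return False
    if "dport" in match and match["dport"] != pkt["dport"]:
        return False
    if "src" in match:
        net = ipaddress.ip_network(match["src"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True

def traverse(chain, pkt, trace):
    """Walk one chain; return a verdict, or None when the chain returns."""
    for name, match, target in RULES:
        if name != chain or not matches(match, pkt):
            continue
        trace.append(f"{chain}: -j {target}")
        if target == "RETURN":
            return None
        if target == "ACCEPT":
            return target
        verdict = traverse(target, pkt, trace)  # jump into the user chain
        if verdict is not None:
            return verdict
        # The user chain returned: carry on with the next rule here.
    return None  # end of chain; what follows lan2fw is not shown in the message

def evaluate(src, dport):
    """Return (verdict, trace) for a TCP packet entering lan2fw."""
    trace = []
    pkt = {"proto": "tcp", "src": src, "dport": dport}
    return traverse("lan2fw", pkt, trace), trace

if __name__ == "__main__":
    for src in ("192.168.0.3", "192.168.0.7"):  # constructed sample hosts
        print(src, evaluate(src, 23))
```

A verdict of None means the packet left lan2fw without a decision from these four rules; the trace is the same for both hosts.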