Tom

Blacklisting seems to work except when:

    FASTACCEPT=Yes
    BLACKLISTNEWONLY=No

which produces iptables rules:

    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -i eth0 -j eth0-in
    .
    -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -i eth0 -j eth0-fwd
    .
    .
    .
    -A eth0-in -j dynamic
    -A eth0-in -j blacklist
    .
    -A eth0-fwd -j dynamic
    -A eth0-fwd -j blacklist

The blacklist check only takes place after the test for RELATED,ESTABLISHED, so packets in those states will not be checked against the blacklist.

Steven.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
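
An added example, not part of the original message and not Shorewall code: a small Python check that reads rules in `iptables-save` form and reports the built-in chains in which the ESTABLISHED,RELATED accept comes before any jump that leads to the blacklist chain, which is the ordering described above. The sample rules are constructed from the message, and the function names are this example's own.

```python
import shlex
# Constructed sample in iptables-save style, modelled on the rules quoted above.
SAMPLE = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j eth0-in
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -j eth0-fwd
-A eth0-in -j dynamic
-A eth0-in -j blacklist
-A eth0-fwd -j dynamic
-A eth0-fwd -j blacklist
"""

def parse(text):
    chains = {}  # chain name -> rules (token lists) in evaluation order
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) > 2 and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains

def target(rule):
    return rule[rule.index("-j") + 1] if "-j" in rule[:-1] else None

def is_state_accept(rule):
    # ACCEPT whose only match is a connection state set that includes ESTABLISHED
    flag = next((f for f in ("--state", "--ctstate") if f in rule[:-1]), None)
    if flag is None or target(rule) != "ACCEPT":
        return False
    states = rule[rule.index(flag) + 1]
    noise = {"-m", "state", "conntrack", flag, states, "-j", "ACCEPT"}
    return "ESTABLISHED" in states.split(",") and not set(rule) - noise

def reaches(chains, chain, goal, seen=()):
    # True if following -j targets from `chain` can arrive at `goal`
    if chain == goal or chain in seen:
        return chain == goal
    return any(reaches(chains, target(r), goal, seen + (chain,)) for r in chains.get(chain, []))

def unchecked_chains(text, blacklist="blacklist", builtins=("INPUT", "FORWARD")):
    # Built-in chains whose state ACCEPT precedes every path to the blacklist
    chains, found = parse(text), []
    for name in builtins:
        for rule in chains.get(name, []):
            hit = is_state_accept(rule)
            if hit or reaches(chains, target(rule), blacklist):
                found += [name] if hit else []
                break
    return found
```

Calling `unchecked_chains(SAMPLE)` lists the chains where established or related packets are accepted without a blacklist lookup; an empty list means the blacklist jump is reached first.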