Tom Eastep wrote:
>Other changes in Shorewall 4.0.1.
>
>1) A new EXPAND_POLICIES option is added to shorewall.conf. The
>   option is recognized by Shorewall-perl and is ignored by
>   Shorewall-shell.
>
>   Normally, when the SOURCE or DEST columns in shorewall-policy(5)
>   contain 'all', a single policy chain is created and the policy is
>   enforced in that chain. For example, if the policy entry is
>
>   #SOURCE DEST POLICY LOG
>   #                   LEVEL
>   net     all  DROP   info
>
>   then the chain name is 'net2all' which is also the chain named in
>   Shorewall log messages generated as a result of the policy. If
>   EXPAND_POLICIES=Yes, then Shorewall-perl will create a separate
>   chain for each pair of zones covered by the policy. This makes the
>   resulting log messages easier to interpret since the chain in the
>   messages will have a name of the form 'a2b' where 'a' is the SOURCE
>   zone and 'b' is the DEST zone. See
>   http://linuxman.wikispaces.com/PPPPPPS for more information.

Am I right in thinking that this means we can now leave out all those "x y drop" policies that are only in there for logging/debugging purposes? Nice :-)

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
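What the 'a2b' chain names buy you during log triage, as an added example that is not part of the original thread or of Shorewall itself: it tallies logged packets per zone pair and picks out the entries whose chain still hides one side behind 'all'. The zone list and log lines are constructed, and the log prefix is assumed to follow the default LOGFORMAT "Shorewall:%s:%s:".

```python
import re
from collections import Counter

# Assumption: default LOGFORMAT "Shorewall:%s:%s:" (chain name, then disposition).
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")

# Constructed zone list and log lines (documentation addresses), not real traffic.
# The first line is what EXPAND_POLICIES=No would log; the rest assume =Yes.
ZONES = {"net", "loc", "dmz", "fw"}
SAMPLE_LOG = """\
Aug  1 10:00:01 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP DPT=23
Aug  1 10:00:02 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP DPT=22
Aug  1 10:00:03 gw kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=eth2 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=3306
Aug  1 10:00:04 gw kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=eth2 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=5432
"""

def split_chain(chain, zones=ZONES):
    """Return (source, dest) for an 'a2b' chain name, or None if unresolved.

    Zone names may themselves contain '2', so every '2' is tried as the
    separator and a split is accepted only when both halves are known
    zones (or 'all')."""
    known = set(zones) | {"all"}
    for i, ch in enumerate(chain):
        if ch == "2" and chain[:i] in known and chain[i + 1:] in known:
            return chain[:i], chain[i + 1:]
    return None

def tally(log_text, zones=ZONES):
    """Count logged packets per (source zone, dest zone, disposition)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue  # not a Shorewall log line
        pair = split_chain(m["chain"], zones)
        if pair:
            counts[(pair[0], pair[1], m["disp"])] += 1
    return counts

def unattributed(counts):
    """Entries whose chain name hides the source or dest zone behind 'all'."""
    return {k: v for k, v in counts.items() if "all" in k[:2]}

if __name__ == "__main__":
    for (src, dst, disp), n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{src:>4} -> {dst:<4} {disp:<6} {n}")
```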
