>> It appears, however, that you don't have the exact rule that I posted
>> since the loc2net chain does not include any rules blocking traffic to
>> rfc1918 addresses.
>>
>> If you do have this rule:
>>
>> REJECT all net:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
>>
>> then please send me a tarball of your /etc/shorewall directory as I need
>> to understand why 'loc2net' is missing those rules.
>>
>
> The loc2net rules are being optimized away because they duplicate the
> loc->net policy (REJECT). To fix this, use REJECT!:
>
> REJECT! all net:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
YES! THANK YOU VERY MUCH!
'iptables' works as I need, and the LOGALLNEW option is what I found.
Alex
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
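
One way to confirm whether the RFC 1918 rules discussed in this thread actually reached the generated ruleset, or were optimized away as duplicates of the loc->net policy, is to check an `iptables-save` dump for them. This is an added example, not part of the original messages or of Shorewall itself: the function name `missing_rfc1918` is hypothetical, both dumps are constructed, and it assumes a REJECT action appears as a jump to a target named `reject`/`REJECT`.

```shell
#!/bin/sh
# Added example: list RFC 1918 destinations that have no blocking rule in a
# given chain of an iptables-save style dump read from stdin.
# On a live firewall (as root): iptables-save | missing_rfc1918 loc2net
missing_rfc1918() {
    awk -v chain="$1" '
        BEGIN {
            n = split("10.0.0.0/8 172.16.0.0/12 192.168.0.0/16", nets, " ")
        }
        # Only rules appended to the requested chain are of interest.
        $1 == "-A" && $2 == chain {
            dest = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dest = $(i + 1)
                if ($i == "-j" || $i == "-g") target = $(i + 1)
            }
            # Assumption: REJECT shows up as a jump to reject/REJECT;
            # DROP is also counted as blocking.
            if (tolower(target) == "reject" || target == "DROP") seen[dest] = 1
        }
        END {
            # Print every RFC 1918 network without its own blocking rule.
            for (k = 1; k <= n; k++)
                if (!(nets[k] in seen)) print nets[k]
        }
    '
}

# Constructed dump: per-network rules optimized away, only the policy remains.
SAMPLE_OPTIMIZED='*filter
:loc2net - [0:0]
-A loc2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A loc2net -j reject
COMMIT'

# Constructed dump: explicit per-network rules present, as expected with REJECT!.
SAMPLE_FORCED='*filter
:loc2net - [0:0]
-A loc2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A loc2net -d 10.0.0.0/8 -j reject
-A loc2net -d 172.16.0.0/12 -j reject
-A loc2net -d 192.168.0.0/16 -j reject
-A loc2net -j reject
COMMIT'

# Demo: the optimized dump reports all three networks as missing.
printf '%s\n' "$SAMPLE_OPTIMIZED" | missing_rfc1918 loc2net
```

Empty output means every RFC 1918 network has its own rule in the chain, so later ACCEPT rules added to that chain cannot silently override the block.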