Tom Eastep wrote:
> erview.html.
>
> It appears, however, that you don't have the exact rule that I posted
> since the loc2net chain does not include any rules blocking traffic to
> rfc1918 addresses.
>
> If you do have this rule:
>
> REJECT all net:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
>
> then please send me a tarball of your /etc/shorewall directory as I need
> to understand why 'loc2net' is missing those rules.
>
The loc2net rules are being optimized away because they duplicate the
loc->net policy (REJECT). To fix this, use REJECT!:
REJECT! all net:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
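
One way to confirm that the RFC 1918 rules are present in the chain after switching to `REJECT!`, as an added example that is not part of the original message or of Shorewall itself. It assumes the rules appear in `iptables -S` output with a `-d <cidr>` match and a `reject`, `REJECT` or `DROP` target; the function name and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Report which RFC 1918 destinations have no blocking rule in a chain.
# Reads `iptables -S`-style rule lines on stdin and prints each CIDR that
# lacks a rule; empty output means all three are covered.
# Live use (as root): iptables -S loc2net | missing_rfc1918 loc2net
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

missing_rfc1918() {
    chain=$1
    rules=$(cat)
    for cidr in $RFC1918; do
        # Escape dots so the CIDR is matched literally, not as a regex.
        pat=$(printf '%s' "$cidr" | sed 's/\./\\./g')
        # Assumed rule shape: -A <chain> ... -d <cidr> ... -j <blocking target>
        if ! printf '%s\n' "$rules" | grep -Eq -- \
            "^-A $chain( .*)? -d $pat( .*)? -j (reject|REJECT|DROP)( |\$)"; then
            printf '%s\n' "$cidr"
        fi
    done
}

# Constructed sample: chain where the per-network rules were optimized away
# and only the policy-equivalent catch-all remains.
SAMPLE_OPTIMIZED='-N loc2net
-A loc2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A loc2net -j reject'

# Constructed sample: chain after the rules were kept in place.
SAMPLE_FORCED='-N loc2net
-A loc2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A loc2net -d 10.0.0.0/8 -j reject
-A loc2net -d 172.16.0.0/12 -j reject
-A loc2net -d 192.168.0.0/16 -j reject
-A loc2net -j reject'

echo "optimized chain is missing:"
printf '%s\n' "$SAMPLE_OPTIMIZED" | missing_rfc1918 loc2net
echo "forced chain is missing:"
printf '%s\n' "$SAMPLE_FORCED" | missing_rfc1918 loc2net
```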
