On Wed, Mar 26, 2008 at 11:22:53AM -0700, Tom Eastep wrote:
> Example:
>
> net->dmz policy of "REJECT info"
>
> Rules:
>
> REJECT:info all all udp 1024
> ACCEPT net:1.2.3.4 fw
>
> In that case, net->fw UDP 1024 would still be allowed from 1.2.3.4
> because the REJECT rule duplicates the policy of net->fw so would not be
> included in the net2fw chain. Changing the REJECT:info to REJECT!:info
> does what the rules intend.

Isn't that a bug? Shorewall should never discard a rule like that if it has parameters other than just "all all".

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
