Shorewall 4.0.15 (Debian Lenny) I'm trying to drop all packets from any IP address not listed in a specific ipset. http://oss.org.cn/man/network/shorewall-docs-html-3.0.8/ipsets.html says, "To generate a negative match, prefix the "+" with "!" as in "!+Mirrors"."
My rule: DROP net:!+kaelist $FW tcp 222 When restarting Shorewall, I get: ERROR: Unknown interface !+kaelist in rule: "DROP net:!+kaelist fw tcp 222 " Is what I'm doing possible and, if so, what's the syntax needed? Thanks, Keith ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
