On 6/15/10 10:33 AM, Mr Dash Four wrote:
>>
>> No -- read 'man shorewall-blacklist'
>>
> I see! So 'blacklist' in shorewall terms means
> 'blocking-source-IP-addresses-or-subnets-only'. That's a bit daft! It
> would have been better if I could ..erm... blacklist connections to AND
> from IP addresses specified in the blacklist file, otherwise what is the
> point of calling it, rather misleadingly, 'blacklist' when connections
> TO the 'blacklisted' IP addresses are still allowed?!

You too, sir, can dispense with the arsey comments.
>>
> Read the above again - where did I state that I expected it to 'work'? I
> am getting an error, so it is obvious that it is not working, hence my
> initial query. The idea was to use the portmap sets with shorewall in
> the same way I use ipmap/iptreemap ones. That was the whole reason for
> my second query - I thought that was pretty clear (well, not for you,
> obviously).

The syntax for using ipsets is the same, regardless of the set type.

    ACCEPT $FW net:+ip-portmap-set tcp

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
