On 9/5/10 11:15 AM, Mr Dash Four wrote:
>
>> The 'to' option does not work from the firewall itself. As stated in the
>> release notes where the feature was introduced, the blacklist is still
>> applied on packets arriving on 'blacklist' interfaces.
>>
> In other words this new blacklist format does not stop packets FROM my
> interface (even if the 'blacklist' option is used) to "blacklisted"
> addresses, is that right? If so, then I need to restore my old DROP
> statements I've had in the rules file and remove half of the statements
> currently in my blacklist file.
>

I guess I'm baffled as to why a firewall needs to have an outgoing blacklist.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
