On 9/5/10 11:43 AM, Mr Dash Four wrote: > >> You can't just read what you want to read and ignore the rest. The man >> page goes on to say: >> >> Note: Blacklisting is still restricted to traffic arriving on an >> interface that has the ´blacklist´ option set. So to block traffic from >> your local network to an internet host, you must specify blacklist on >> your internal interface in shorewall-interfaces[1] (5). >> >> You should not expect to see a reference to 'blacklist' in your fw2net >> chain since such traffic could not possibly have arrived on an interface >> that has the 'blacklist' option set. >> > OK, simple question then (as we screwed away from the SECMARK business, > which is what this thread was supposed to be discussing) - provided I > use the statements you know about in my blacklist file would that block > traffic originating FROM my machine to these blacklisted addresses? Yes > or No?
No -- nor was it intended to. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
