> So this isn't really a firewall -- it's a host that happens to run
> Shorewall. That is not a use case that I target with Shorewall, although
> Shorewall can be used there.

It won't make a big difference whether this rogue code executes on a single host 'that happens to run Shorewall' or if it resides on a firewall with 3+ different interfaces, controlling 3+ different networks - that traffic (initiated from the rogue code) still originates from that machine and is destined to the outside world.

Anyway, this is all academical now - in my case I am reverting to the old format as this is how traffic originating from that machine to rogue IP addresses can be dropped. I was hoping that with the new syntax I won't need to include DROP fw2net rules in my rules file, but that is not the case. No worries, thanks for clarifying.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
