On 1/26/11 12:51 PM, Tom Eastep wrote: > > Are you using a proxy like Squid? If so, that is bypassing the rule. > Otherwise, please collect the output of 'shorewall dump' and submit it > along with the information requested at > http://www.shorewall.net/support.htm#Guidelines.
Of course, you could also have ACCEPT, DNAT or REJECT rules above your
REJECT rule in /etc/shorewall/rules. From the shorewall-rules man page:
"For any particular (source,dest) pair of zones, the rules are
evaluated in the order in which they appear in this file and
the first terminating match is the one that determines the
disposition of the request. All rules are terminating except
LOG and COUNT rules."
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
