Hey, great news. Thank you, man. > Actually, there is good news. I had originally taken a similar decision > with respect to port lists in that Shorewall-perl did not originally > support port lists with more than 15 ports, even though that was > supported by Shorewall-shell. I later came up with a way to post-process > rules with large port lists and break them into multiple rules. I wonder why it’s so complicated though. Because iptables doesn’t support multiple port types or more than 15 ports? I guess then iptables needs a general patch. :) Because I agree that that is no thing that Shorewall should do. It should be able to just pass a list to iptables.
> The attached patch does the same for ICMP lists. It applies with offsets > to Shorewall 4.4.15 (which is what I believe Gentoo currently supports): > > patch /usr/share/shorewall/Shorewall/Chains< ICMPLISTS.patch > > This patch will be included in Shorewall 4.4.19. Anyway, thanks. Trying it out today. By the way: If you still think I’m doing something wrong, I’m happy to learn something. Navid ------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
