> But have your favorite IP reference book handy > before you try... > I've just made another observation: ip range (like 10.1.1.0-10.1.1.255 or even 10.1.1.1,10.1.1.2) is rejected by shorewall, but specifying 10.1.1.0/24 is, apparently, OK (I haven't tested whether that would actually run though)?
If that is the case it would complicate things significantly when I start designing my "compile" script for ipset replacement as I would have to create a separate rule (i.e. a line) for each ip address I encounter in my ipset - bl**dy hell! OK, I may get away with it if I could shove all the ip members into a cidr address, but that is one hell of a workaround! Ah, well... ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
