Is there a way I could use the above two jump targets in my rules file? The reason is that for some hosts (well, ipset, actually) I would like the blacklist/blackout checks to be bypassed. Currently I have the following rather ugly hack in "start":

    run_iptables -R fw2net 1 -m set ! --match-set whitelist dst -j blackout
    run_iptables -R net2fw 1 -m set ! --match-set whitelist src -j blacklst

If there is a way I could do this in the rules file without reverting to the above that would be perfect. The idea to my "whitelist" is pretty simple - creating pinholes in the blacklist/blackout chains for hosts/subnets I trust regardless of whether these are blacklisted or not.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
