On May 14, 2011, at 6:42 PM, Mr Dash Four wrote:

> Is there a way I could use the above two jump targets in my rules file?
>
> The reason is that for some hosts (well, ipset, actually) I would like
> the blacklist/blackout checks to be bypassed. Currently I have the
> following rather ugly hack in "start":
>
> run_iptables -R fw2net 1 -m set ! --match-set whitelist dst -j blackout
> run_iptables -R net2fw 1 -m set ! --match-set whitelist src -j blacklst
>
> If there is a way I could do this in the rules file without reverting to
> the above that would be perfect. The idea to my "whitelist" is pretty
> simple - creating pinholes in the blacklist/blackout chains for
> hosts/subnets I trust regardless of whether these are blacklisted or not.

There is no other way to do that.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
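
An added example, not part of the original thread and not Shorewall's own code: the quoted `-R fw2net 1` hack overwrites whatever rule occupies slot 1, so this check confirms that slot still jumps to the expected chain before it is replaced. The function names and the sample `iptables -S` listings are constructed assumptions.

```shell
#!/bin/sh
# Guard for the positional "run_iptables -R <chain> 1 ..." hack quoted above.

# rule_n_target CHAIN N: reads `iptables -S CHAIN` output on stdin and prints
# the jump/goto target of the Nth rule (prints nothing if there is no such rule).
rule_n_target() {
    awk -v chain="$1" -v n="$2" '
        $1 == "-A" && $2 == chain {
            if (++i == n) {
                for (f = 3; f < NF; f++)
                    if ($f == "-j" || $f == "-g") { print $(f + 1); exit }
                exit
            }
        }'
}

# safe_to_replace CHAIN TARGET: succeeds only if rule 1 of CHAIN (listing on
# stdin) currently jumps to TARGET, i.e. slot 1 still holds the rule the hack
# means to overwrite. An already-patched rule also passes, so re-runs are safe.
safe_to_replace() {
    [ "$(rule_n_target "$1" 1)" = "$2" ]
}

# Constructed sample listings (not captured from a real Shorewall firewall).
SAMPLE_OK='-N fw2net
-A fw2net -j blackout
-A fw2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fw2net -j ACCEPT'

SAMPLE_ALREADY='-N fw2net
-A fw2net -m set ! --match-set whitelist dst -j blackout
-A fw2net -j ACCEPT'

SAMPLE_MOVED='-N fw2net
-A fw2net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fw2net -j blackout'

# Intended use in the "start" script (needs a live firewall, so left commented):
#   iptables -S fw2net | safe_to_replace fw2net blackout &&
#       run_iptables -R fw2net 1 -m set ! --match-set whitelist dst -j blackout
```

If the check fails, the chain layout has changed and replacing rule 1 would silently drop an unrelated rule instead of adding the whitelist bypass.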
