>> Thanks! By looking at that patch, it takes ":NI" in the secmark's STATE >> sub-column to mark packets with cstate NEW,INVALID, is that right? >> > > That's correct. > Does cstate "NEW,INVALID" means packets with cstate NEW *or* INVALID or NEW *and* INVALID? It is important as that kind of matching is not first match wins and I need to distinguish those from my other "catch-all" marking.
------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
