On 6/2/11 10:29 AM, Mr Dash Four wrote: > > >>> Thanks! By looking at that patch, it takes ":NI" in the secmark's STATE >>> sub-column to mark packets with cstate NEW,INVALID, is that right? >>> >> >> That's correct. >> > Does cstate "NEW,INVALID" means packets with cstate NEW *or* INVALID or > NEW *and* INVALID? It is important as that kind of matching is not first > match wins and I need to distinguish those from my other "catch-all" > marking. >
It is NEW *or* INVALID. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
