I think I've solved the problem. Despite what the shorewall-blacklist manual seems to say, the traffic direction does not default to 'src': it needs to be put in explicitly. When I changed the entry in /etc/shorewall/blacklist to

    # Whitelist port 9001 for TOR
    -       tcp     9001    src,whitelist

the appropriate RETURN entry appeared in an iptables -L dump, and port 9001 isn't being blocked any longer, even from source IP addresses that appear in the blocking ipset.

Shorewall version installed is 4.4.22.3-1, on a Debian wheezy box (sorry, should have said that before).

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
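
The poster confirmed the fix by looking for the RETURN rule in an iptables dump. As an added example, not part of the original post or of Shorewall itself, here is a small POSIX shell check that automates that verification: it reads a chain dump and succeeds only if a RETURN rule for the whitelisted TCP port appears before any DROP in the chain (a RETURN placed after the DROP would never be reached). The chain name "blacklst", the rule layout and the sample dump text are constructed for this example and are assumptions, not captured output from the poster's box.

```shell
#!/bin/sh
# Added example (not from the original post or from Shorewall): check that a
# "src,whitelist" entry in /etc/shorewall/blacklist produced an effective
# RETURN rule for the given TCP port in the blacklist chain.

# Constructed sample of `iptables -L blacklst -n` after the whitelist entry
# took effect. Chain name and exact column layout are assumptions.
SAMPLE_DUMP_OK='Chain blacklst (2 references)
target     prot opt source               destination
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9001
DROP       all  --  0.0.0.0/0            0.0.0.0/0            match-set blacklist src'

# Constructed sample of the same chain when the direction was left out and
# no RETURN rule was generated: only the ipset DROP is present.
SAMPLE_DUMP_MISSING='Chain blacklst (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            match-set blacklist src'

# has_whitelist_return PORT: reads a chain dump on stdin; exits 0 when a
# "RETURN tcp ... dpt:PORT" rule is seen before the first DROP, else exits 1.
has_whitelist_return() {
    port="$1"
    awk -v port="$port" '
        # A matching RETURN before any DROP means traffic to the port escapes
        # the blacklist chain; stop scanning and report success.
        $1 == "RETURN" && $2 == "tcp" && $0 ~ ("dpt:" port "($|[^0-9])") { found = 1; exit }
        # A DROP before the RETURN means the whitelist is not effective.
        $1 == "DROP" { exit }
        END { if (found) exit 0; else exit 1 }
    '
}

# check_dump PORT DUMP: feeds a dump string to the check and prints a verdict;
# the return status is the check result so callers can branch on it.
check_dump() {
    if printf '%s\n' "$2" | has_whitelist_return "$1"; then
        echo "port $1: whitelist RETURN rule present before DROP"
        return 0
    else
        echo "port $1: no effective whitelist RETURN rule"
        return 1
    fi
}

# On a live host you would pipe the real chain instead of the sample, e.g.
#   iptables -L blacklst -n | has_whitelist_return 9001
check_dump 9001 "$SAMPLE_DUMP_OK"
check_dump 9001 "$SAMPLE_DUMP_MISSING"
```

Because the check stops at the first DROP, it also catches the case where a RETURN exists but is ordered after the ipset match, which would look fine in a plain grep yet still block the port.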
