On 22/04/2012 17:22, Tom Eastep wrote:
> Reject traffic going out of an interface if it doesn't have the correct
> mark.

Seems too obvious... I'm just trying now.

I really want to write this:

    DROP:info any !net:eth0 - - - - - - 0x10000/0xF0000

But I can't negate a destination, right? I need to pass the packet if it has no routemark or a specific routemark.

I think I can do it if I create an action with a bunch of continues and a drop at the end - just going to test that now. However, is there a similarly much more obvious or neater solution?

Thanks

Ed W
