> We only have two zones: net (through p1p1 interface) and $FW
> So I guess your configuration would not work for us. Or am I wrong?
A simpler configuration will work for you (remove all lines which contain "loc").

I guess that using "SECTION ALL" produces a rules file that's easier to read, I'll try that in nethserver.

snort stops processing the nfqueue when it reads the rules after an update, we chose to let traffic flow.

--
Ciao, Filippo
