On Tue, 2015-07-14 at 22:27 +0200, antoon huiskens wrote: > I understand whitelisting within a subnet can be done with nesting. > > > Curious to see if this can also be done dynamically? I'm struggling to > set that up. > > > I can configure dynamic ipsets, but whenever I add an ip to it, it > ends up being blocked. > Do you want entries in your whitelist to override entries in your blacklist (/etc/shorewall/blrules)?
If so, you need to place your whitelisting ipset rules at the top of your blrules file. ACCEPT zone1:+whitelist all -Tom ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
