Got it working shortly after.
I missed the CONTINUE entry for the child zone in /etc/shorewall/policy.
Thanks!
/A
On Wed, Jul 15, 2015, 00:20 Tom Eastep <[email protected]> wrote:
> On Tue, 2015-07-14 at 22:27 +0200, antoon huiskens wrote:
> > I understand whitelisting within a subnet can be done with nesting.
> >
> >
> > Curious to see if this can also be done dynamically? I'm struggling to
> > set that up.
> >
> >
> > I can configure dynamic ipsets, but whenever I add an ip to it, it
> > ends up being blocked.
> >
> Do you want entries in your whitelist to override entries in your
> blacklist (/etc/shorewall/blrules)?
>
> If so, you need to place your whitelisting ipset rules at the top of
> your blrules file.
>
> ACCEPT zone1:+whitelist all
>
> -Tom
>
>
>
>
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
