On 10/30/2015 9:54 AM, Ed W wrote:
> Hmm, I get some clues here:
> http://linuxgazette.net/175/brownss.html
>
> So I need to translate
> iptables -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
> iptables -A FORWARD -p tcp --syn -j ACCEPT
> iptables -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
>
> into shorewall syntax. Any suggestions?
>
> Do I need to use inline() to do the above?
>

You don't want the above -- it accepts *ALL* tcp connection requests. In
the NEW section, simply place this rule:

    NotSyn(REJECT) all all tcp

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
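
The difference between the two rule sets in this thread, as an added example that is not part of the original messages: a simplified first-match model in Python run over constructed packets. The `only_ssh` remainder of the rule set, the sample packets, and the reading of NotSyn as "TCP that is not a plain SYN" are assumptions made for illustration.

```python
# Simplified first-match model of the two rule sets discussed in this thread.
# Packets are constructed samples; only_ssh() is a hypothetical stand-in policy.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    ctstate: str          # conntrack state: "NEW", "ESTABLISHED", ...
    flags: frozenset      # TCP flags set on the packet
    dport: int

def is_syn(p):
    # iptables --syn: SYN set, with ACK, RST and FIN clear
    return p.proto == "tcp" and "SYN" in p.flags and not (p.flags & {"ACK", "RST", "FIN"})

def quoted_iptables(p):
    """The three FORWARD rules from the question, evaluated in order."""
    if p.ctstate == "ESTABLISHED":
        return "ACCEPT"
    if is_syn(p):
        return "ACCEPT"            # any SYN, to any destination and any port
    if p.proto == "tcp":
        return "REJECT(tcp-reset)"
    return "CONTINUE"              # non-TCP falls through to the chain policy

def notsyn_reject(p, later_rules):
    """Only 'NotSyn(REJECT) all all tcp' placed ahead of the other NEW rules."""
    if p.ctstate == "ESTABLISHED":
        return "ACCEPT"            # assumed handled before the NEW section
    if p.proto == "tcp" and not is_syn(p):
        return "REJECT"
    return later_rules(p)          # SYNs still face the remaining rules and policy

def only_ssh(p):
    # Hypothetical remainder of the rule set: allow port 22, drop everything else
    return "ACCEPT" if p.proto == "tcp" and p.dport == 22 else "DROP"

SAMPLES = {  # constructed packets
    "syn_to_telnet": Packet("tcp", "NEW", frozenset({"SYN"}), 23),
    "syn_to_ssh": Packet("tcp", "NEW", frozenset({"SYN"}), 22),
    "stray_ack": Packet("tcp", "NEW", frozenset({"ACK"}), 22),
    "established": Packet("tcp", "ESTABLISHED", frozenset({"ACK"}), 22),
}

def compare():
    return {n: (quoted_iptables(p), notsyn_reject(p, only_ssh)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (ipt, shw) in compare().items():
        print(f"{name:15} iptables={ipt:18} shorewall={shw}")
```

Both rule sets reject the stray ACK, but only the quoted iptables rules also accept the SYN to port 23 before any other rule gets to look at it.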
