-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 02/22/2017 10:24 AM, Tom Eastep wrote: > On 02/21/2017 03:16 AM, Guilsson . wrote: > >> Anyway, my question is not about dhcp and/or dns stuff. It's >> about making the REJECT rules take precedence over REDIRECT >> rules. > > > You can't. But what you can do is add these rules before all the > rest: > > NONAT loc net:8.8.8.8,8.8.4.4 udp domain NONAT loc > net:8.8.8.8,8.8.4.4 tcp domain > > That will prevent the REDIRECT rule from rewriting the destination > address in the packets that you want to reject. > > Note that the above rules both generate a warning which you can > ignore. >
You can eliminate the warnings by omitting 'net:' from the rules. NONAT loc 8.8.8.8,8.8.4.4 udp domain NONAT loc 8.8.8.8,8.8.4.4 tcp domain - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYrdsjAAoJEJbms/JCOk0QRhIP/i/gCt1x773f1LS4h5l+j+Mf HGOVrbrOHLBTTJFyD3GxCb+LXZHo8fUlLjk8te7tYhc2CfDlJ/mf5pRIfw3w39Nd waQJmI11qL/Gdmmg/jqR/TFAbX7N8wCyMPYp7idzVE0ZU1YY6rRZLlEL1N55nkP/ exBmf94rdIdvgKu042d4t7EhF/6owv32QABzL5Ueh5YuUOxo0PFG1baF9LCqJXvZ gt47rE8lVtM70btL2jEAqLC9FghP3dmeJwAClWu6kiTNZkmGygOYB6WzucUmcbMd K6m7Y5zRAIsuChG5u1tMz7XxgmoFp0FGzhEkL/HfOPYylXtNRbMtMpi9Y6rziptM QAxWTKLMc0UOOraQJw/+g4Fn0XZ+q37j/2R4z7hyaF3R2UditLFBHn6KCPPmH+UA Cmh/K1XDtzd4CflI607WKo+YsxnU5JtlbvoBHZdVvxlNcuM6UGqoYLPCeOftQ8LB you9QTjMmBjioEDQMBixOC2RvB/pbgt4CTtikTxRbHJl4MZ6gfMYgtAhDMOXW16e WEEIZAcs4U7P53QpyJW3GEZP7nRSXm6rmi44PP5wd27Hh8ve6Ee/edytC/hY4w0m dxAYj1+GPda3tOQHd3DmU8K9Ymg7INHyzpfW4RR6dUeBl1Q1kegCAwKOdACnsSU1 +NjQA9D14Rp6jXuCB37b =NdEG -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
