Hi,

I have the following in my rules file:

DNAT    net2:!+IPS_BL,+POL_BL,+GEO_BL,+GEOIPS_BL        loc:10.215.145.81       tcp     80,443  -       -       30/min:35
[...]
ADD(POL_BL:src):info:polbl,add2polbl    net1,net2,net3:!+POL_BL,+GLOBAL_WL      all     tcp,udp -       !443,80,25,3389

Suppose a host at x.x.x.x tries to access via port 80 through shorewall. I
understand the connection should have been DNAT'ed, right?
In no case should it have been added to the POL_BL ipset, right?
However, in shorewall's log I can see the following line:

Oct 15 10:48:09 Shorewall:polbl:add2polbl:IN=ppp2 OUT= MAC= SRC=x.x.x.x DST=y.y.y.y LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=13247 DF PROTO=TCP SPT=52576 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x2

Any clues?

Do you need a dump?

Thanks,

Vieri
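As an added example (not part of the post above), a small Python audit that parses the quoted Shorewall log line into its fields and checks the packet against the ADD(POL_BL) rule's protocol and negated destination-port list as written in the rules file, so an unexpected hit like the one in the log stands out; the SRC/DST addresses are constructed placeholders standing in for x.x.x.x and y.y.y.y.

```python
import re

# Port and protocol columns of the ADD(POL_BL) rule quoted in the post:
# DEST PORT column "!443,80,25,3389" means "any port EXCEPT these".
ADD_RULE_EXCLUDED_DPORTS = {443, 80, 25, 3389}
ADD_RULE_PROTOS = {"TCP", "UDP"}

# Constructed sample: the log line from the post on one line, with the
# masked x.x.x.x / y.y.y.y replaced by RFC 5737 documentation addresses.
SAMPLE_LOG = (
    "Oct 15 10:48:09 Shorewall:polbl:add2polbl:IN=ppp2 OUT= MAC= SRC=198.51.100.7 "
    "DST=203.0.113.9 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=13247 DF PROTO=TCP "
    "SPT=52576 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x2"
)


def parse_shorewall_log(line):
    """Split a Shorewall/netfilter log line into chain, target and KEY=VALUE fields."""
    m = re.search(r"Shorewall:(?P<chain>[^:]+):(?P<target>[^:]+):(?P<rest>.*)$", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    fields = {"chain": m.group("chain"), "target": m.group("target"), "flags": []}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            fields[key] = value
        else:
            fields["flags"].append(tok)       # bare tokens such as DF, SYN, ACK
    return fields


def add_rule_should_match(fields):
    """True if this packet matches the ADD(POL_BL) rule's proto and negated port list."""
    if fields.get("PROTO", "") not in ADD_RULE_PROTOS:
        return False
    dpt = int(fields.get("DPT", -1))
    return dpt not in ADD_RULE_EXCLUDED_DPORTS


def audit(line):
    """Return (logged target, whether the rule's port/proto match explains it)."""
    fields = parse_shorewall_log(line)
    return fields["target"], add_rule_should_match(fields)
```

For the sample line `audit()` returns `("add2polbl", False)`: the packet was logged by the add2polbl target even though DPT=80 is in the rule's excluded list, which is exactly the mismatch to investigate.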


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
