Scratch my previous e-mail. If the IPS "repeats"/reinjects the packet by marking it with a fixed value (10 in my case) then I can only do one NFQUEUE call from Shorewall. Otherwise, I believe the NFQUEUE calls after the first one will simply be ignored since the packets will already be marked (10).
e.g.:

# first call OK:
NFQUEUE(0:5,bypass) dmz,evpn,ivpn,hvpn,ovpn,vpn1,vpn2:!+CORP_IPS_BL,+CORP_POL_BL,+CORP_GLOBAL_WL lan,fw udp 137,138,139 - - - - !10

# userspace application reinjects packet with mark value 10
# so the second NFQUEUE is always skipped:
NFQUEUE(0:5,bypass) lan,fw dmz,evpn,ivpn,hvpn,ovpn,vpn1,vpn2:!+CORP_IPS_BL,+CORP_POL_BL,+CORP_GLOBAL_WL udp - 137,138,139 - - - !10

Bummer.

Vieri

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
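As an added illustration (not part of Vieri's post or of Shorewall itself), a small Python model of the mark interaction described above: the first pass queues the packet, the simulated IPS reinjects it with mark 10, and the second pass shows that every rule carrying the `!10` mark match now ignores it. The dictionary-based rule representation and the sample packets are constructed simplifications of iptables traversal, with zone names and the mark value taken from the post.

```python
# Toy model of netfilter rule traversal with a mark match (constructed example,
# not Shorewall code). Each rule mirrors one of the two NFQUEUE rules in the
# post, reduced to the fields that matter here.

REINJECT_MARK = 10  # value the IPS sets on the packet before reinjecting it

RULES = [
    # dmz/vpn zones -> lan,fw, UDP source ports 137-139, only if mark != 10
    {"name": "nfq-dmz-to-lan", "src": {"dmz", "vpn1"}, "dst": {"lan", "fw"},
     "proto": "udp", "sport": {137, 138, 139}, "mark_not": REINJECT_MARK},
    # lan,fw -> dmz/vpn zones, UDP destination ports 137-139, only if mark != 10
    {"name": "nfq-lan-to-dmz", "src": {"lan", "fw"}, "dst": {"dmz", "vpn1"},
     "proto": "udp", "dport": {137, 138, 139}, "mark_not": REINJECT_MARK},
]


def rule_matches(rule, pkt):
    """Zone, protocol and port checks, then the '!mark' condition."""
    if pkt["src"] not in rule["src"] or pkt["dst"] not in rule["dst"]:
        return False
    if pkt["proto"] != rule["proto"]:
        return False
    if "sport" in rule and pkt["sport"] not in rule["sport"]:
        return False
    if "dport" in rule and pkt["dport"] not in rule["dport"]:
        return False
    return pkt["mark"] != rule["mark_not"]


def traverse(pkt):
    """Name of the first NFQUEUE rule that fires for this packet, or None."""
    for rule in RULES:
        if rule_matches(rule, pkt):
            return rule["name"]
    return None


def run_through_ips(pkt):
    """First pass queues the packet; the IPS marks it 10 and reinjects it.

    Returns [rule hit on first pass, rule hit on second pass]. The second
    entry is None whenever the reinjected packet is skipped by every rule.
    """
    first = traverse(pkt)
    if first is None:
        return [None]
    reinjected = dict(pkt, mark=REINJECT_MARK)  # userspace reinjects with mark 10
    return [first, traverse(reinjected)]
```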