On Wed, Apr 10, 2019 at 9:45 PM Tom Eastep <teas...@shorewall.net> wrote:
>
> > ADD(POL_BL:src):info:polbl,add2polbl
> > net1,net2,net3:!+POL_BL,+GLOBAL_WL,+NORMAL_WL all tcp,udp -
> > !+POL_BL_EXCL
> >
>
> That is a good solution. Another would be to create an action with
> multiple leading CONTINUE rules (that together specify the ports that
> you want to exclude) followed by an ADD rule.

Unfortunately, I cannot use an ipset for that because I get an error:

ERROR: Invalid/Unknown tcp port/service (+POL_BL_EXCL)

So I'll have to look into what you are suggesting (CONTINUE rules).

Once again... Thanks!
Also, thanks for still sticking around. It's comforting.

Vieri