On 4/10/19 7:24 PM, Vieri Di Paola wrote:
> On Wed, Apr 10, 2019 at 9:45 PM Tom Eastep <teas...@shorewall.net> wrote:
>>> ADD(POL_BL:src):info:polbl,add2polbl
>>> net1,net2,net3:!+POL_BL,+GLOBAL_WL,+NORMAL_WL all tcp,udp -
>>> !+POL_BL_EXCL
>>>
>>
>> That is a good solution. Another would be to create an action with
>> multiple leading CONTINUE rules (that together specify the ports that
>> you want to exclude) followed by an ADD rule.
>
> Unfortunately, I cannot use an ipset for that because I get an error:
>
> ERROR: Invalid/Unknown tcp port/service (+POL_BL_EXCL)

Ah yes -- I failed to notice that you want to exclude based on the source
port (why do you want to do that?)

-Tom
--
Tom Eastep           \   Q: What do you get when you cross a mobster with
Shoreline,           \      an international standard?
Washington, USA      \   A: Someone who makes you an offer you can't
http://shorewall.org \      understand
                      \_______________________________________________