On 7/22/19 5:01 AM, John Hill via Shorewall-users wrote:
> I have several entries in blrules. They work fine, except DNAT seems to
> take place before the blacklists.
>
> I asked this before but I could not get DNAT- and accept to work.
>
> I have looked through the documentation but can't find anything to help
> me understand DNAT-.
>
> I hope to run all connections through the blacklists before DNAT if
> possible.
>
> Sorry to be such a block head, but I can't seem to get Shorewall to
> accept my configuration attempts.
>

DNAT always occurs before the blacklisting. Blacklisting takes place in the nat table while blacklisting occurs in the filter table. Since the nat table is traversed prior to the filter table (see http://www.shorewall.org/NetfilterOverview.html), NAT necessarily occurs first.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
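
An added illustration of the traversal order discussed in the reply above (nat table before filter table); it is not part of the original thread and is not Shorewall code. It models a packet passing a DNAT stage and then a filter-stage blacklist, to show which blacklist match criteria still apply after the destination has been rewritten. All addresses, ports and the rule format are constructed sample values.

```python
# Constructed model of the two stages named in the reply: nat, then filter.
# Addresses, ports and the rule dictionaries are made-up sample values.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# nat stage: (public dst, public port) -> (internal dst, internal port)
DNAT_RULES = {("203.0.113.10", 8080): ("192.168.1.5", 80)}

def nat_prerouting(pkt):
    """Rewrite the destination if a DNAT rule matches; the source is untouched."""
    target = DNAT_RULES.get((pkt.dst, pkt.dport))
    return replace(pkt, dst=target[0], dport=target[1]) if target else pkt

def filter_blacklist(pkt, blacklist):
    """Return 'DROP' if an entry matches the packet as the filter stage sees it."""
    for entry in blacklist:
        if "src" in entry and ip_address(pkt.src) not in ip_network(entry["src"]):
            continue
        if "dst" in entry and pkt.dst != entry["dst"]:
            continue
        if "dport" in entry and pkt.dport != entry["dport"]:
            continue
        return "DROP"
    return "ACCEPT"

def traverse(pkt, blacklist):
    """nat stage first, then filter stage; returns (verdict, packet seen by filter)."""
    seen = nat_prerouting(pkt)
    return filter_blacklist(seen, blacklist), seen

if __name__ == "__main__":
    pkt = Packet("198.51.100.7", "203.0.113.10", 8080)
    cases = [("match on source", [{"src": "198.51.100.0/24"}]),
             ("match on public dst", [{"dst": "203.0.113.10", "dport": 8080}]),
             ("match on internal dst", [{"dst": "192.168.1.5", "dport": 80}])]
    for name, bl in cases:
        verdict, seen = traverse(pkt, bl)
        print(f"{name}: {verdict} (filter saw {seen.dst}:{seen.dport})")
```

In this model a blacklist entry keyed on the source address still drops the packet, while one keyed on the pre-DNAT destination never matches because the filter stage only sees the rewritten address and port.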