I am aware of that, however sometimes there isn't really a much better way than using DNS names. That doesn't just affect shorewall but iptables in general of course.
OK, but long story short - I am aware I'm doing this wrong, and hence there is no option to ignore failed rules, yes? I suppose I could use a cronjob that updates an ipset or so and then have shorewall use that ipset as a workaround. Do you guys have a better recommendation?

Big fan of shorewall btw, used it for many years. Keep up the good work :)

On Wed, Feb 28, 2024 at 08:24:00PM +0200, Tuomo Soini wrote:
> On Wed, 28 Feb 2024 17:49:37 +0100
> Peter Thurner | Blunix GmbH via Shorewall-users
> <shorewall-users@lists.sourceforge.net> wrote:
>
> > Hello shorewall users,
> >
> > is there a way to ignore failing rules in shorewall, specifically if
> > /etc/shorewall/rules contains something like
> >
> > ACCEPT local pub:this.domain.doesnt.exist.com tcp 443
>
> I suggest you read this part of documentation before using dns names in
> your config. Especially the first Caution.
>
> https://shorewall.org/manpages/shorewall-names.html#idm30
>
> --
> Tuomo Soini <t...@foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <https://foobar.fi/>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

with kind regards,
Peter Thurner
CEO Blunix GmbH

--
Blunix GmbH
Glogauer Straße 21
10999 Berlin
Germany
Web: https://www.blunix.com
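
The cron-plus-ipset workaround mentioned in the message above, sketched as an added example that is not part of the original thread or of Shorewall itself. The set name `pub_https`, the host `example.com`, the script name and the IPv4-only `getent` lookup are assumptions; a failed or empty lookup leaves the existing set unchanged.

```shell
#!/bin/sh
# Added example: refresh an ipset from DNS so the firewall never resolves names.
# Assumed names (not from the thread): set "pub_https", host "example.com".
# The Shorewall rule then references the set instead of the DNS name:
#   ACCEPT  local  pub:+pub_https  tcp  443

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read candidate addresses on stdin (first field of each line) and print an
# `ipset restore` script that fills a temporary set and swaps it in.
# Returns 1 and prints nothing when no valid address was read, so a failed
# lookup leaves the live set untouched.
build_restore() {
    set_name=$1
    tmp_name="${set_name}_tmp"
    adds=""
    while read -r addr rest; do
        valid_ipv4 "$addr" || continue
        adds="${adds}add ${tmp_name} ${addr}
"
    done
    [ -n "$adds" ] || return 1
    printf 'create %s hash:ip family inet\n' "$set_name" "$tmp_name"
    printf 'flush %s\n' "$tmp_name"
    printf '%s' "$adds"
    printf 'swap %s %s\ndestroy %s\n' "$tmp_name" "$set_name" "$tmp_name"
}

# Resolve HOST and apply the result to SET; needs root and the ipset tool.
update_set() {
    script=$(getent ahostsv4 "$2" | awk '{print $1}' | sort -u |
        build_restore "$1") || {
        echo "no usable address for $2, keeping current set $1" >&2
        return 1
    }
    printf '%s\n' "$script" | ipset -exist restore
}

# Run from cron as: update-ipset.sh pub_https example.com
if [ "$#" -eq 2 ]; then update_set "$1" "$2"; fi
```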