[Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-01 Thread Tom Eastep
Beta 4 is now available for testing.

1) This release includes support for 'Condition Match' which is included in xtables-addons. Condition match allows rules to be predicated on the setting of a named switch in /proc/net/nf_condition/. See http://www.shorewall.net/configurat

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-01 Thread Ed W
On 01/10/2011 15:21, Tom Eastep wrote:
> 2) With the preceding change, the rules file now has 14 columns. That
> makes it awkward to specify the last column as you have to insert
> the correct number of '-' to get the right column.
>
> To make that easier, it is now allowed to terminat

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-01 Thread Tom Eastep
On Oct 1, 2011, at 9:18 AM, Ed W wrote:
> On 01/10/2011 15:21, Tom Eastep wrote:
>> 2) With the preceding change, the rules file now has 14 columns. That
>> makes it awkward to specify the last column as you have to insert
>> the correct number of '-' to get the right column.
>>
>> To

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-01 Thread Mark van Dijk
Hi,

On Sat, 01 Oct 2011 17:18:56 +0100 Ed W wrote:
> Note, based on my previous email I might come across as having a
> particular preference towards json - it's not the case! This
> suggestion is purely based on the similarity with what you are doing
> and an existing config file format - reduc

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-01 Thread Christ Schlacta
Why yes, Yes it is. But I am happy with the current Shorewall modifications. I would be willing to test it on one of my systems though :)

On 10/1/2011 16:15, Mark van Dijk wrote:
> Hi,
>
> On Sat, 01 Oct 2011 17:18:56 +0100
> Ed W wrote:
>
>> Note, based on my previous email I might come across

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-02 Thread Ed W
On 01/10/2011 18:20, Tom Eastep wrote:
> On Oct 1, 2011, at 9:18 AM, Ed W wrote:
>
>> On 01/10/2011 15:21, Tom Eastep wrote:
>>> 2) With the preceding change, the rules file now has 14 columns. That
>>> makes it awkward to specify the last column as you have to insert
>>> the correct number

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-02 Thread Tom Eastep
On Sun, 2011-10-02 at 13:03 +0100, Ed W wrote:
> > What I have done for RC 1 is eliminate the need for the columnar format.
> > Here is an example of a blacklist file:
> >
> > ;proto=udp port=1024:1033,1434,5948,23773
> > ;networks=221.192.199.48
>
> Sure - I'm just highlighting that the above i

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-03 Thread Ed W
Hi

>> Consider two other interesting alternatives (not claiming either is
>> *better*, just alternatives)
>>
>> Perl style:
>> proto=>udp, port=>1024:1033,1434,5948,23773
>> networks=>221.192.199.48
> It's trivial to support that notion in addition to what I have currently
> implemented.

Re: [Shorewall-users] Shorewall 4.4.24 Beta 4

2011-10-03 Thread Tom Eastep
Ed,

On Mon, 2011-10-03 at 14:04 +0100, Ed W wrote:
>
> Actually, can I suggest that you *don't* support too many formats
> here? I only intended to show that there are various options, but I
> really think after that you should limit shorewall to "fewer" formats?
> (reduces scope for bugs and m