> The patch that I posted in response Steven Springl's report may fix this. > Yeah, it did. After further testing I found this:
AllowICMPs(audit) does not produce any audit jumps, but still uses ACCEPT statements. Similarly, DropUPnP(audit) just DROPs instead of A_DROP. Same goes for DropDNS(audit) - DROP is the iptables statement instead of A_DROP. > Well, if you really want to audit every broadcast that your firewall > receives, then go for it. > That's not the point - I am testing functionality, hence check for all possible remotely-sane scenarios provided I have adhered to the correct shorewall syntax. ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
