> You must be blacklisting 'out' traffic on the test machine. > So, is this "ctstate INVALID,NEW" supposed to appear when I have 'out' traffic blocked? Because I have this now in my blacklist:
+whitelist - - whitelist,src,dst +test - - src,dst and I am still getting the same thing - "ctstate INVALID,NEW"! Also, when I have A_AUDIT/A_DROP (the new jumps) involved in the Drop and Reject actions the comments in those two chains are assumed from the first use of these (AAllowICMPTypes and Auth from the default Drop and Reject actions in my case), so I think you need to remove these as they are misleading. ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
