On Fri, 2011-09-30 at 18:05 +0100, Mr Dash Four wrote:
> > Do you *really* need a zone name in the blacklist file, or would
> > specifying an interface meet your needs?
> >
> I am not sure to be honest!
>
> Now that you mention it, provided the blacklist chain (in whatever form
> you decide to change it/implement it to) is the first one to be checked
> for each interface - in either direction - then I don't really mind that
> at all, provided blacklist and whitelist functionality remains the same,
> that is.
>
> Are you thinking of dumping the blacklst and blackout chains in the
> INPUT, OUTPUT and FORWARD chains, filtering out just the interface?

No: I'm merely suggesting that the first column could be of the form
<interface>:<network list>. The <interface> would be the source
interface in 'src' entries and the destination interface in 'dst'
entries.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
