On Sep 30, 2011, at 3:13 PM, Mr Dash Four wrote:

> 
>>>>> Are you thinking of dumping the blacklst and blackout chains in the 
>>>>> INPUT, OUTPUT and FORWARD chains, filtering out just the interface? 
>>>>> 
>>>>> 
>>>> No: I'm merely suggesting that the first column could be of the form
>>>> <interface>:<network list>. The <interface> would be the source
>>>> interface in 'src' entries and the destination interface in 'dst'
>>>> entries.
>>>> 
>>>> 
>>> Where are you going to place these statements - in the same 
>>> blacklst/blackout chains shared among all zones or somewhere else? If 
>>> so, where?
>>> 
>> Same chains as today.
>> 
> So, if I place 50 blacklist entries for tun0 and 1 for eth0, then in 
> order to get a packet through eth0 it has to traverse through 51 entries 
> in that same chain? "Square pegs in round holes" comes to mind... 
> Thanks, but no thanks!
> 

Why? It's doing that now.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
