On 04/19/2013 10:26 AM, Tom Eastep wrote: > Okay -- here is the complete patch. > > This also allows the simple form: > > Rules: > > SECTION INPUT > NFACCT(all) - +dmz-net(dmz_in) > > SECTION OUTPUT > NFACCT(all) - - +dmz-net(dmz_out) > > SECTION FORWARD > NFACCT(all) - +dmz-net(dmz_fwd) > COUNT - - +dmz-net(dmz_fwd)
Note that with this patch, you *must* use the above form rather than: NFACCT(dmz_fwd) - - +dmz-net In this form, the ipset match gets added to the rule *after* the nfacct match. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
