On 4/21/13 7:14 PM, "Dash Four" <[email protected]> wrote:
>
>> OK, the main thing I've found so far is that shorewall does not touch
>> the order of statements after ";" this time (compared to "rules"), so
>> if I specify "INLINE ; -m nfacct --nfacct-name test -p 6 -m set
>> --match-set test src --dport 1234" that passes as-is (that, obviously,
>> won't pass iptables, but I am pleased that the order is preserved in
>> whatever I throw after ";").
>No issues to report, except one or two suggestions:
>
>1. It would be nice if you could extend the nfacct syntax for ipsets to
>specify more than one nfacct object, separated by commas - in the way
>NFACCT(...) syntax currently is. For example: "+dmz-net(dmz,dmz_in)".

Isn't that already there?

>2. It would also be nice to extend the syntax for the exclamation mark
>in NFACCT(...) so that it may apply to individual nfacct objects. For
>example: "NFACCT(!dmz,dmz_in) - eth0:+dmz-net" - in this example "dmz"
>nfacct object comes first, "dmz_in" comes last after the two conditions
>- "-o eth0" and "m set --match-set dmz-net src" have been met. Of
>course, if "NFACCT(dmz,dmz_in)!" is specified, then the exclamation mark
>should apply (and it does) to both objects, while "NFACCT(!dmz,dmz_in)!"
>should not be allowed.

I would like to release RC 1 next -- my wife is having major surgery this
week and I'm not going to be able to spend much time with Shorewall the
rest of the month.

>
>On a side note, I like the ability to select multiple nfacct objects in
>a single statement - very good idea this.

Good!

-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
