Hi,

Jiří Červenka wrote:
> Using black list helped, replacing not. But I want to be able to control
> this by rules file.

Ok, and I left my mind somewhere, the local IP didn't make sense anyhow.

>>>>> policy:
>>>>> #SOURCE DEST  POLICY LOG LEVEL
>>>>> LIMIT:BURST
>>>>> loc     net   ACCEPT
>>>>> loc     wifio ACCEPT
>>>>> loc     loc   ACCEPT
>>>>> loc     fw    ACCEPT
>>>>> fw      net   ACCEPT
>>>>> fw      wifio ACCEPT
>>>>> fw      loc   ACCEPT
>>>>> net     all   DROP
>>>>> all     all   REJECT
>>>>> wifio   net   ACCEPT
>>>>> wifio   loc   ACCEPT
>>>>> wifio   fw    ACCEPT
>>>>> road    loc   ACCEPT
>>>>> #LAST - ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

How come you have a net -> all DROP policy and still you seem to accept connections from exactly that to your ftp server? Based on the policies, that traffic should be dropped, even without the additional rule you mentioned earlier.

Is there any rule in your rules file that is accepting net -> loc traffic? If you want to drop FTP traffic, that rule should be at least _above_ any rule accepting it.

Otherwise, please send your rules file, or the information that is normally requested at http://www.shorewall.net/support.htm.

--
- Pieter
