Anna Jonna Armannsdottir wrote: > On þri, 2008-05-20 at 08:54 -0700, Tom Eastep wrote: >> The advantage of this approach is that only TCP connections to port 80 >> go >> through the 'hiis' action chain. If you do it as Paul suggests, ALL >> connection requests go through a series of 5 rules, each of which >> tests for >> tcp port 80 and a particular source network. > That is more efficient, especially if there are many rules. > > Thanks for showing me this possibility.
What i can't understand is why you want to avoid the use of the hosts file in the first place. Having a zone that matches your targets is the most flexible way to manage traffic to and from those hosts. Paul ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
