On 9/5/10 10:58 AM, Mr Dash Four wrote:
>
>> Here's a patch that allows '-'.
>>
> Thanks for that, though I have just replaced all occurrences of "-" with
> "_", then manually loaded the init file and executed shorewall - it was
> OK this time and without errors, though I am baffled by something else -
> I expected to see the "blacklst" chain to appear in my fw2net so that it
> blocks "blacklisted" packets FROM my machine, but my fw2net is clear of
> such thing. There is no reference to blacklst there!
>
> The blacklst chain itself contains the "src" and "dst" match-set
> statements as expected, but how are my packets FROM my FW to the
> "blacklisted" addresses banned? Or are they?! Or is it that I am missing
> something with the new format?
>

The 'to' option does not work from the firewall itself. As stated in the
release notes where the feature was introduced, the blacklist is still
applied on packets arriving on 'blacklist' interfaces.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
