On 9/5/10 11:04 AM, Tom Eastep wrote:
> On 9/5/10 10:58 AM, Mr Dash Four wrote:
>>
>>> Here's a patch that allows '-'.
>>>
>> Thanks for that, though I have just replaced all occurrences of "-" with
>> "_", then manually loaded the init file and executed shorewall - it was
>> OK this time and without errors, though I am baffled by something else -
>> I expected to see the "blacklst" chain to appear in my fw2net so that it
>> blocks "blacklisted" packets FROM my machine, but my fw2net is clear of
>> such thing. There is no reference to blacklst there!
>>
>> The blacklst chain itself contains the "src" and "dst" match-set
>> statements as expected, but how are my packets FROM my FW to the
>> "blacklisted" addresses banned? Or are they?! Or is it that I am missing
>> something with the new format?
>>
>
> The 'to' option does not work from the firewall itself. As stated in the
> release notes where the feature was introduced, the blacklist is still
> applied on packets arriving on 'blacklist' interfaces.

The shorewall-blacklist man page also makes this point.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
