> You can't just read what you want to read and ignore the rest. The man
> page goes on to say:
>
> Note: Blacklisting is still restricted to traffic arriving on an
> interface that has the ´blacklist´ option set. So to block traffic from
> your local network to an internet host, you must specify blacklist on
> your internal interface in shorewall-interfaces[1] (5).
>
> You should not expect to see a reference to 'blacklist' in your fw2net
> chain since such traffic could not possibly have arrived on an interface
> that has the 'blacklist' option set.
>

OK, simple question then (as we screwed away from the SECMARK business, which is what this thread was supposed to be discussing) - provided I use the statements you know about in my blacklist file would that block traffic originating FROM my machine to these blacklisted addresses? Yes or No?
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
