On 10/21/2013 11:59 AM, Brian J. Murrell wrote: > On 13-10-21 02:26 PM, Tom Eastep wrote: >> >> That's correct -- just run iptables directly. > > One thing I did think of that the dynamic chain has that this solution > doesn't and that's persistence of entries across a restart/reload. > > I suppose I could log banned entries in addition to installing the > iptables rule and then create a start action to reload those from the log. > > Is there any more elegant way to do it? >
You could keep a small file and reload from that in /etc/shorewall/start. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
