On Wed, Aug 20, 2014, at 04:16 PM, Tom Eastep wrote: > If you DROP, no conntrack entry will be created. Also, if you qualify > the SOURCE with the net interface(s), at least traffic from the local > LAN won't be compared to the ipset.
Both noted, and fixed. Thanks. ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
