On 10/21/2014 7:49 AM, Tom Eastep wrote:
> On 10/21/2014 2:52 AM, Filippo Carletti wrote:
>>> Assuming that you are using a recent version of Shorewall, you can
>>> simply use:
>>>
>>> IPTABLES(NFQUEUE --queue-bypass) ...
>>
>> I was testing with shorewall 4.5.18, but I had 4.6.4.1 installed on a
>> test system and completely missed the feature.
>> Using the above syntax in the rules file works as expected, thank you, Tom.
>>
>> In policy I put:
>> loc net ACCEPT:NFQBY
>> where NFQBY is an action:
>> IPTABLES(NFQUEUE --queue-bypass)
>>
>> Could I ask to confirm that the syntax I'm using for policy is good?
>>
>
> Yes -- that syntax is correct.
>
That having been said, you probably want to follow that rule with an
invocation of the 'Drop' or 'Reject' action so that proper filtering
occurs in the case where NFQUEUE is bypassed.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
