On 04/04/2016 08:43 AM, PGNet Dev wrote: > On 04/04/2016 08:27 AM, Tom Eastep wrote: >> You will probably need to use this form instead or the compiler will >> complain about the quotes: >> >> INLINE(DROP) net $FW tcp 25 ; -m string --algo bm --string 'ylmf-pc' > > string matches in SW rules appear quite useful. > > I tend to organize my *IP* lists in IPSETs; SW make using them trivial. > > Can these INLINE(DROP) rules be adapted to IPSET use -- or some other > efficient table mechanism ? E.g., for a list of strings in file: > bad_strings.txt ... >
That would require kernel support. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
