----- Original Message -----
From: Tom Eastep <teas...@shorewall.net>

> First, remove the ADD rules from /etc/shorewall/rules.
>
> You can then copy action.Drop to /etc/shorewall/ and then add this to
> the copy as the last line:
>
> ADD(SW_DBL4:src)

Unfortunately, private IP addresses from my dmz zone were also put into SW_DBL4 for some reason.

So I thought I should create a custom DROP action.

# cat /etc/shorewall/actions
DROPBL # drop and blacklist

Created a copy of the standard DROP action and added the line at the bottom:

# tail -n 2 /etc/shorewall/action.DROPBL
DropDNSrep(@5)
ADD(SW_DBL4:src)

# tail -n 3 rules
DROPBL net1 $FW
DROPBL net2 $FW
DROPBL net3 $FW

This overrides the net*2fw "policy" because I cannot specify custom actions in the POLICY column of /etc/shorewall/policy, right?

Vieri

------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users