On 05/18/2018 06:26 PM, ObNox wrote:
> On 17/05/2018 17:32, Tom Eastep wrote:
>
>>> net { interface=${IF_NET} \
>>> options="nets=(!${LAN_NET}),nosmurfs,rpfilter,dhcp,dbl=src-dst" }
>>>
>>> Removing the "dbl=src-dst" part (introduced in 5.0.10) prevents the
>>> warnings from triggering.
>>
>> Thanks for the update -- I'll take a look.
>
> To stay on this topic: given the fact that we now have
> DYNAMIC_BLACKLIST and the "options" field in "interfaces" to handle the
> "src-dst" dynamic blacklisting, what would be the best/correct way to
> use the "src-dst" setting? In DYNAMIC_BLACKLIST or "options" (in
> "interfaces") or both?
>
> What are the pros/cons of each method?
>

The default setting for all interfaces is determined by the setting in
DYNAMIC_BLACKLIST. That default may be overridden on an individual
interface using dbl= in the interface's OPTIONS.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
