[Shorewall-users] Excluding clients from rules
Wed, 16 Jan 2002 15:03:25 -0800
On Wednesday 16 January 2002 02:40 pm, Markus Bossert wrote:
> Why can't he just put a REJECT or a DROP rule (or for surrounding squid
> another ACCEPT rule) above his ACCEPT rule for http ports since rules are
> processed until the first fitting is found, afaik?
In each Netfilter table, rules are processed in the order found. Port
redirection and port forwarding rules add a rule to both Netfilter's nat
table and to its filter table. The rule added to the nat table is being
executed before ANY rule in the filter table.
I'm working on a fix for this general problem so have faith....
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
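The ordering Tom describes is why a DROP placed "above" the ACCEPT in the filter table cannot exclude a client from a port redirection: the REDIRECT in nat/PREROUTING has already rewritten the destination port before any filter rule runs. The script below is an added example, not code from this thread or from Shorewall, showing the exclusion done in the same table and ahead of the REDIRECT using plain iptables. The LAN interface (eth1), the excluded client (192.168.1.10) and the squid port (3128) are assumed values. By default it only prints the commands; run it with IPTABLES=iptables as root to apply them.

```shell
#!/bin/sh
# Added example (not Shorewall code): exclude one LAN client from a transparent
# squid redirect by placing the exclusion in the nat table, where the REDIRECT
# lives, rather than in the filter table, which is consulted only afterwards.
# Assumed (hypothetical) values: LAN interface eth1, excluded client
# 192.168.1.10, squid listening on port 3128 of the firewall itself.
LAN_IF="${LAN_IF:-eth1}"
EXCLUDED="${EXCLUDED:-192.168.1.10}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Dry run by default: print the commands instead of executing them.
# Run with IPTABLES=iptables (as root) to apply the rules for real.
IPTABLES="${IPTABLES:-echo iptables}"

# Emits the ruleset in the order the kernel will evaluate it.
build_rules() {
    # nat/PREROUTING is evaluated first (and only for the first packet of a
    # connection; conntrack applies the result to the rest). The exclusion
    # must sit in this table and before the REDIRECT. RETURN in a built-in
    # chain falls through to the chain policy (ACCEPT), so the excluded
    # client's packets leave nat untouched and keep destination port 80.
    $IPTABLES -t nat -A PREROUTING -i "$LAN_IF" -s "$EXCLUDED" -p tcp --dport 80 -j RETURN
    $IPTABLES -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"

    # filter/INPUT is evaluated after nat. By the time these rules run, the
    # redirected packet's destination port is already $SQUID_PORT, so a DROP
    # on --dport 80 here would never match the redirected traffic.
    $IPTABLES -A INPUT -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" -j ACCEPT
}

# Returns the 1-based position of the first emitted rule matching $1, using a
# forced dry run; handy for checking that the exclusion precedes the REDIRECT.
rule_position() {
    ( IPTABLES="echo iptables"; build_rules ) | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

build_rules
```

The filter-table ACCEPT for the squid port is still needed so the redirected connections reach the proxy; it is the exclusion, not the accept, that has to move into the nat table. If the proxy lives on another host, the same ordering applies to the DNAT rule that replaces the REDIRECT.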