[Shorewall-users] Excluding clients from rules
Wed, 16 Jan 2002 15:04:48 -0800
On Wednesday 16 January 2002 03:03 pm, Tom Eastep wrote:
> On Wednesday 16 January 2002 02:40 pm, Markus Bossert wrote:
> > Why can't he just put a REJECT or a DROP rule (or for surrounding squ=
> > another ACCEPT rule) above his ACCEPT rule for http ports since rules=
> > processed until the first fitting is found, afaik?
> In each Netfilter table, rules are processed in the order found. Port
> redirection and port forwarding rules and a rule to both Netfilter's na=
make that "...add a rule to both..."
> table and in its filter table. The rule added to the nat table is being
> executed before ANY rule in the filter table.
> I'm working on a fix for this general problem so have faith....
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
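
The ordering described in the message above, as an added example that is not part of the original post or of Shorewall's code: a simplified Python model of one packet passing through the nat table and then the filter table. The rule dictionaries, the client address 192.168.1.5 and the proxy port 3128 are constructed assumptions, and the model collapses the filter table into a single rule list.

```python
# Simplified model of Netfilter traversal for one inbound packet: the nat
# table (PREROUTING) is consulted first and may rewrite the destination port;
# the filter table then sees the rewritten packet. First matching rule wins.
# All addresses, ports and rule layouts are constructed sample values.

def match(rule, pkt):
    return all(pkt[k] == v for k, v in rule["match"].items())

def traverse(nat_rules, filter_rules, pkt):
    pkt = dict(pkt)
    trace = []
    for rule in nat_rules:                      # nat table first
        if match(rule, pkt):
            trace.append(("nat", rule["target"]))
            if rule["target"] == "REDIRECT":
                pkt["dport"] = rule["to_port"]  # rewritten before filter runs
            break                               # RETURN or REDIRECT ends the nat lookup
    for rule in filter_rules:                   # filter table second
        if match(rule, pkt):
            trace.append(("filter", rule["target"]))
            return rule["target"], pkt["dport"], trace
    trace.append(("filter", "policy DROP"))
    return "DROP", pkt["dport"], trace

EXCLUDED = "192.168.1.5"                        # client to keep away from the proxy
redirect = {"match": {"dport": 80}, "target": "REDIRECT", "to_port": 3128}
nat_exclude = {"match": {"src": EXCLUDED, "dport": 80}, "target": "RETURN"}
filter_rules = [
    {"match": {"src": EXCLUDED, "dport": 80}, "target": "REJECT"},  # placed "above"
    {"match": {"dport": 80}, "target": "ACCEPT"},
    {"match": {"dport": 3128}, "target": "ACCEPT"},
]
pkt = {"src": EXCLUDED, "dport": 80}

def filter_only_attempt():
    # REJECT exists only in the filter table: the redirect has already fired,
    # so the REJECT on port 80 never matches.
    return traverse([redirect], filter_rules, pkt)

def nat_exclusion():
    # The exclusion sits in the nat table ahead of the redirect, so the packet
    # reaches the filter table unmodified and the REJECT applies.
    return traverse([nat_exclude, redirect], filter_rules, pkt)

if __name__ == "__main__":
    print(filter_only_attempt())
    print(nat_exclusion())
```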