[Shorewall-users] rules and masq order

Marius Stan mstan at asesoft.ro
Tue Mar 2 01:59:39 PST 2004


Hello,

I have the 'loc' zone masqueraded for internet access.
in the rules file there's a rule like
DROP loc:192.168.0.1 net all
that should cut the internet access for the specified IP address (I 
still want it to be able to access the dmz)
the above rule is placed below the transparent proxy redirect rule.

well, this rule doesn't work, so I'm guessing that's because I already 
masqueraded that address; right ?
I know I can deny masquerading for a specific address in the masq file, 
but I was just wondering if there's a way I can use the rules file, as 
this would be much readable.

Thanks,
Marius


More information about the Shorewall-users mailing list