Re: [Shorewall-devel] zone-dependent blacklist/whitelist

On Sep 30, 2011, at 12:46 PM, Mr Dash Four wrote:

>
>>> Are you thinking of dumping the blacklst and blackout chains in the
>>> INPUT, OUTPUT and FORWARD chains, filtering out just the interface?
>>>
>>
>> No: I'm merely suggesting that the first column could be of the form
>> <interface>:<network list>. The <interface> would be the source
>> interface in 'src' entries and the destination interface in 'dst'
>> entries.
>>
> Where are you going to place these statements - in the same
> blacklst/blackout chains shared among all zones or somewhere else? If
> so, where?

Same chains as today.

-Tom

Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

• This message: [ Message body ]
• Next message: Mr Dash Four: "Re: [Shorewall-devel] zone-dependent blacklist/whitelist"
• Previous message: Mr Dash Four: "Re: [Shorewall-devel] zone-dependent blacklist/whitelist"
• In reply to: Mr Dash Four: "Re: [Shorewall-devel] zone-dependent blacklist/whitelist"
• Next in thread: Mr Dash Four: "Re: [Shorewall-devel] zone-dependent blacklist/whitelist"
• Reply: Mr Dash Four: "Re: [Shorewall-devel] zone-dependent blacklist/whitelist"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]