Re: [Shorewall-users] rfc1918 macro

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Wed, Mar 26, 2008 at 11:22:53AM -0700, Tom Eastep wrote:
> Example:
>
> net->dmz policy of "REJECT info"
>
> Rules:
>
> REJECT:info	 all		all	udp	1024
> ACCEPT	  	 net:1.2.3.4	fw
>
> In that case, net->fw UDP 1024 would still be allowed from 1.2.3.4 
> because the REJECT rule duplicates the policy of net->fw so would not be 
> included in
> the net2fw chain. Changing the REJECT:info to REJECT!:info does what the  
> rules intend.

Isn't that a bug? Shorewall should never discard a rule like that if
it has parameters other than just "all all".