Re: [Shorewall-users] block forward on specific ip

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 1/26/11 12:51 PM, Tom Eastep wrote:

> 
> Are you using a proxy like Squid? If so, that is bypassing the rule.
> Otherwise, please collect the output of 'shorewall dump' and submit it
> along with the information requested at
> http://www.shorewall.net/support.htm#Guidelines.

Of course, you could also have ACCEPT, DNAT or REJECT rules above your
REJECT rule in /etc/shorewall/rules. From the shorewall-rules man page:

	"For any particular (source,dest) pair of zones, the rules are 	
	evaluated in the order in which they appear in this file and
	the first terminating match is the one that determines the
	disposition of the request. All rules are terminating except
	LOG and COUNT rules."

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________