I am a victim of abuse. A person put my email on many mailing lists. PLEASE UNSUBSCRIBE ME!!!!

Guia Artistica
www.guiaartistica.com.ar

-----Original Message-----
From: Paul Gear [mailto:[EMAIL PROTECTED]
Sent: Monday, April 09, 2007 03:06 a.m.
To: [EMAIL PROTECTED]
Subject: Bug#295460: marked as done (shorewall: wrong rules order with loging with rate limiting in policy)

Debian Bug Tracking System wrote:
> ...
> Marek wrote:
>> ...
>> in 'policy':
>> lan dsl DROP info 3/minute
>>
>> in 'rules':
>> ACCEPT lan:10.0.1.25 dsl all
>> ACCEPT lan:10.0.1.26 dsl all
>>
>> after startup, logging/dropping rules from iptables -L -n in chain
>> '@lan2dsl', in chain 'lan2dsl' jump to @lan2dsl after "ACCEPT
>> ESTABLISHED,RELATED", but >BEFORE< "ACCEPT from 10.0..." rules
>>
>> think it should be under "ACCEPT from 10.."
>> ...
> The order of the two rules is not important. ACCEPT from 10... accepts
> new connections and ACCEPT ESTABLISHED,RELATED accepts packets
> belonging to already established connections.
>
> The bug can be considered closed.

Lorenzo,

I'm not sure we've got to the heart of Marek's problem here. I think getting a shorewall dump and looking at the lan2dsl chain in it would reveal to us more what he is talking about.

It sounds to me like what he's describing is that policy logging is happening ahead of rules, which is definitely wrong. If so, we need to check whether this is something Tom has fixed since the release of Debian stable.

Regards,
Paul
<http://paulgear.webhop.net>

--
Did you know? The major music labels and on-line stores want to limit your rights to listen to music you have legitimately purchased. Find out more: http://iownmymusic.org/

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
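
The ordering question raised in the quoted bug thread (does the jump to the policy logging chain sit ahead of the per-host ACCEPT rules?) can be checked mechanically on a chain listing. This is an added example, not part of the original thread or of Shorewall: a small first-match evaluator run over two constructed `iptables -S` style rulesets. Only the chain names, the two addresses and the 3/minute limit come from the report; the LOG/DROP contents of `@lan2dsl` and the names `REPORTED`, `EXPECTED`, `parse` and `verdict` are assumptions.

```python
import ipaddress
import shlex

# Constructed rulesets in `iptables -S` style. Chain names, addresses and the
# 3/minute limit come from the report; the body of @lan2dsl is assumed.
LOGDROP = [
    "-A @lan2dsl -m limit --limit 3/min -j LOG",
    "-A @lan2dsl -j DROP",
]
REPORTED = [
    "-A lan2dsl -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A lan2dsl -j @lan2dsl",
    "-A lan2dsl -s 10.0.1.25 -j ACCEPT",
    "-A lan2dsl -s 10.0.1.26 -j ACCEPT",
] + LOGDROP
EXPECTED = [REPORTED[0], REPORTED[2], REPORTED[3], REPORTED[1]] + LOGDROP
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(lines):
    """Group rules by chain as (source_net, states, target) tuples."""
    chains = {}
    for line in lines:
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"))
        states = set(opt["--state"].split(",")) if "--state" in opt else None
        chains.setdefault(opt["-A"], []).append((src, states, opt["-j"]))
    return chains

def verdict(chains, chain, src_ip, state):
    """Walk a chain in order; return (verdict, logged) for one packet."""
    logged = False
    for src, states, target in chains.get(chain, []):
        if ipaddress.ip_address(src_ip) not in src:
            continue
        if states is not None and state not in states:
            continue
        if target in TERMINAL:
            return target, logged
        if target == "LOG":  # non-terminating; the rate limit is ignored here
            logged = True
            continue
        sub, sub_logged = verdict(chains, target, src_ip, state)
        logged = logged or sub_logged
        if sub is not None:
            return sub, logged
    return None, logged  # fell off the end of the chain: return to the caller
```

With the reported order, a new connection from 10.0.1.25 is logged and dropped before its ACCEPT rule is reached, while established traffic still passes, which is why the position relative to the ESTABLISHED,RELATED rule alone does not settle the question.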