On 7/8/2014 2:19 PM, Ruud Baart wrote:
> I think I found part of the solution.
>
> In /etc/shorewall/rules:
>       IPTABLES(DROP) wan1 $FW udp 53 ; -m string --algo bm --hex-string "|01000001|"
> does not work. But
>       iptables -I INPUT 1 -p udp --dport 53 -m string --algo bm --hex-string "|01000001|" -j DROP
> works.
>
> I assume the place of the rule in the iptables rule set is important. In
> the last case it is part of the chain INPUT and in the first case it is
> part of the chain wan1-fw (of course this is specific for this server).
>
> I would like to get it working in shorewall. Easier to maintain and
> easier to make an exception for the internal systems. Is there a way to
> get the rule on the correct position or chain?
>

Are there UDP 53 rules before that one in the rules file?

-Tom
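To make Tom's question concrete, here is an added example (not code from the thread or from Shorewall): a constructed, simplified model of iptables first-match chain walking. It assumes the chain name wan1-fw from the thread and a hypothetical earlier `ACCEPT udp 53` rule in that chain, and shows why the same string-match DROP wins at INPUT position 1 but loses when an earlier DNS ACCEPT sits ahead of it in wan1-fw.

```python
# Added example, not from the thread: a constructed, simplified model of how
# iptables walks chains first-match. A rule is (proto, dport, hex_pattern, target);
# a target that is not a terminating verdict is treated as a jump to a user chain.

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed DNS query: ID 0xabcd, flags 0x0100 (RD set), QDCOUNT 1, then the
# question for example.com, type A, class IN. Bytes 2..5 are 01 00 00 01.
DNS_QUERY = (bytes.fromhex("abcd" "0100" "0001" "0000" "0000" "0000")
             + b"\x07example\x03com\x00" + bytes.fromhex("0001" "0001"))
PKT = {"proto": "udp", "dport": 53, "payload": DNS_QUERY}

def rule_matches(rule, pkt):
    proto, dport, hex_pattern, _ = rule
    if proto and pkt["proto"] != proto:
        return False
    if dport and pkt["dport"] != dport:
        return False
    # -m string --hex-string "|01000001|" is a substring search over the payload
    if hex_pattern and bytes.fromhex(hex_pattern) not in pkt["payload"]:
        return False
    return True

def evaluate(chains, chain, pkt):
    """First matching terminating rule wins; a user chain that falls through returns."""
    for rule in chains[chain]:
        if not rule_matches(rule, pkt):
            continue
        target = rule[3]
        if target in TERMINAL:
            return target
        verdict = evaluate(chains, target, pkt)   # jump into the user chain
        if verdict is not None:
            return verdict
    return None

STRING_DROP = ("udp", 53, "01000001", "DROP")
JUMP = (None, None, None, "wan1-fw")
# 1. Shorewall layout with a hypothetical earlier DNS ACCEPT in wan1-fw.
shorewall = {"INPUT": [JUMP], "wan1-fw": [("udp", 53, None, "ACCEPT"), STRING_DROP]}
# 2. The manual `iptables -I INPUT 1 ...`: DROP sits before the jump to wan1-fw.
manual = {"INPUT": [STRING_DROP, JUMP], "wan1-fw": [("udp", 53, None, "ACCEPT")]}
# 3. Shorewall layout with the rules file reordered so the DROP precedes the ACCEPT.
reordered = {"INPUT": [JUMP], "wan1-fw": [STRING_DROP, ("udp", 53, None, "ACCEPT")]}

def verdicts():
    layouts = (("shorewall", shorewall), ("manual", manual), ("reordered", reordered))
    return {name: evaluate(chains, "INPUT", PKT) for name, chains in layouts}

if __name__ == "__main__":
    print(verdicts())  # {'shorewall': 'ACCEPT', 'manual': 'DROP', 'reordered': 'DROP'}
```

Checking the real ordering on the box is the same idea: `iptables -S wan1-fw` (or `iptables-save`) lists rules in traversal order, so any udp/53 ACCEPT printed above the string-match rule will be taken first.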


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
