On 17/05/2018 17:32, Tom Eastep wrote:
net { interface=${IF_NET} \
options="nets=(!${LAN_NET),nosmurfs,rpfilter,dhcp,dbl=src-dst" }
Removing the "dbl=src-dst" part (introduced in 5.0.10) prevents the
warnings from triggering.
Thanks for the update -- I'll take a look.
To stay on this topic : Given the fact that we now have
DYNAMIC_BLACKLIST and "options" field in "interfaces" to handle the
"src-dst" dynamic blacklisting, what would be the best/correct way to
use "src-dst" setting ? In DYNAMIC_BLACKLIST or "options" (in
"interfaces") or both?
What are the pros/cons of each method?
Thank you!
--
ObNox
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
