On 07/30/2018 09:34 AM, Vieri Di Paola via Shorewall-users wrote: > When using the BLACKLIST policy in a policy file (and defining an ipset > in DYNAMIC_BLACKLIST), is it possible to redirect future connection > attempts form src hosts in the BL ipset only if made to port 80 to > another port port, say 6000? > ie. if a blacklisted host tries to connect to port 80 via HTTP, redirect > traffic to port tcp 6000 on the shorewall firewall?
No - blacklist checking occurs before the connection request is passed to any rules. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
