On Thu, Jan 31, 2019 at 10:10:43PM -0500, Laine Stump wrote: > On 1/31/19 8:24 PM, Laine Stump wrote: > > Changes from V1: > > [...] > > > * make the <reject/> rule's priority 32767 instead of 127. > > [...] > > > + > > +<rule priority='32767'> > > + <reject/> > > +</rule> > > > I found out after sending this that when I make the priority of the reject > rule 32767 instead of 127, it's apparently ignored (in my example, I was > able to ssh to port 222 of the host even though the zone doesn't allow > that). Some kind of boundary condition i guess. Perhaps 32766 will work ? > > > Eric, any idea why this might be happening? > > > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
