Package: shorewall
Version: 2.2.3-2
http://packages.debian.org/stable/net/shorewall
The security upgrade of shorewall has broken my install, it now
complains:
Adding Common Rules
iptables: No chain/target/match by that name
ERROR: Command "/sbin/iptables -A reject -p tcp -j REJECT --
reject-with tcp-reset" Failed
IP Forwarding Disabled!
Where before it was perfectly functional.
Anyone know of this problem, and more importantly, how I can solve it?
My existing configuration is known to work on a large set of machines
- are below:
thanks,
_alex
/etc/shorewall/rules
########################################################################
############################
#ACTION SOURCE DEST PROTO DEST SOURCE
ORIGINAL RATE USER/
# PORT PORT(S)
DEST LIMIT GROUP
# note that I have not chosen to rate limit sshd, instead I just
explicitly allow
# certain ip ranges for people I trust - http://www.fduran.com/
wordpress/?p=21
# makes a good point stating that if you rely on rate limiting alone,
you can
# lock youreself out of a system _during_ an attack, which is not
useful.
ACCEPT net fw tcp 22
ACCEPT net fw tcp 80
ACCEPT net fw tcp 443
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
/etc/shorewall/interfaces
########################################################################
######
#ZONE INTERFACE BROADCAST OPTIONS
net venet0 detect nosmurfs
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
/etc/shorewall/policy
########################################################################
#######
#SOURCE DEST POLICY LOG
LIMIT:BURST
# LEVEL
fw net ACCEPT
net fw REJECT
#LAST LINE -- DO NOT REMOVE
shorewall.conf is, I believe, the default.
as you can see my install is _REALLY_ complex :P
:)
_a
--
alex black, founder
the turing studio, inc.
510.666.0074
[EMAIL PROTECTED]
http://www.turingstudio.com
2600 10th street, suite 635
berkeley, ca 94710
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
