On Wed, 4 Jul 2018 08:00:47 -0700
Tom Eastep wrote:
> On 06/22/2018 06:52 AM, Steven Jan Springl wrote:
> > Hi Tom
> >
> > Shorewall rule:
> >
> > ACCEPT lan:!lo wan icmp 8
> >
> > Generates the following iptables-restore rule:
> >
Hi Tom
Shorewall rule:
ACCEPT lan:!lo wan icmp 8
Generates the following iptables-restore rule:
-A lan2wan -p 1 --icmp-type 8 !-i lo -j ACCEPT
Which produces the following error message:
Bad argument `!-i'
Steven.
-
On Sun, 23 Oct 2016 10:13:20 -0700
Tom Eastep wrote:
> On 10/22/2016 02:35 PM, Steven Jan Springl wrote:
> > Tom
> >
> > The attached config. produces the following messages:
> >
> > Compiling
Tom
The attached config. produces the following messages:
Compiling /etc/shorewall92/mangle...
Use of uninitialized value in bitwise and (&)
at /usr/share/shorewall/Shorewall/Rules.pm line 4826, <$currentfile>
line 6.
Use of uninitialized value in concatenation (.) or string
at /usr/share/shor
Tom
In Shorewall 5.0.13.1 the attached config. produces the following error
messages:
Compiling using Shorewall 5.0.13.1...
Creating iptables-restore input...
Use of uninitialized value $capability in hash element
at /usr/share/shorewall/Shorewall/Config.pm line 4937.
Use of uninitialized valu
Tom
Tcrules entry:
INLINE ; -j
Produces the following error messages:
Compiling /etc/shorewall2A30/tcrules...
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 934, <$currentfile> line 17.
Optimizing Ruleset...
ERROR: Internal error in Sho
On Wednesday 01 May 2013 22:50:00 Tom Eastep wrote:
> On 05/01/2013 02:08 PM, Steven Jan Springl wrote:
> > In the attached config. tcrules entry:
> >
> > INLINE eth1 eth0 ; -m length --length 100
> >
> > Generates the following iptables rules:
> >
On Wednesday 01 May 2013 14:43:43 Tom Eastep wrote:
> The Shorewall team is pleased to announce the availability of Shorewall
> 4.5.16.
>
> 4) The INLINE action is also supported in the accounting and tcrules
> files. In the accounting file, INLINE is treated the same as COUNT
> in the wi
On Saturday 19 May 2012 17:42:31 Tom Eastep wrote:
> On 05/19/2012 09:23 AM, Tom Eastep wrote:
> > On 05/19/2012 08:58 AM, Steven Jan Springl wrote:
> >> On Friday 18 May 2012 01:18:44 Tom Eastep wrote:
> >>> Example - Drop email from Anonymous Proxies and Satellite P
On Friday 18 May 2012 01:18:44 Tom Eastep wrote:
> Example - Drop email from Anonymous Proxies and Satellite Providers:
>
> #ACTION SOURCE DEST PROTO DEST
> # PORT(S)
> DROP:infonet:^A1,A2
On Monday 19 Mar 2012 02:13:03 Tom Eastep wrote:
> On 3/18/12 5:21 PM, "Tom Eastep" wrote:
> >Won't be happening for a while. I've discovered that nested ?Ifs don't
> >work :-(
>
> Steven,
>
> Nested ?Ifs still don't work correctly, but I think that this patch
> corrects your issues.
>
Tom
Co
Tom
Sorry for the earlier noise. My original report was correct, I have pasted it
below along with a couple of other issues.
If ?ELSE is specified without a preceding ?IF in the rules file, the following
error is produced:
Can't use an undefined value as an ARRAY reference at
/usr/share/shor
On Sunday 22 Jan 2012 04:01:31 Tom Eastep wrote:
> On Jan 21, 2012, at 4:22 PM, Steven Jan Springl wrote:
> > In Shorewall6 4.4.27 the following proxyndp entry:
> >
> > 2001:4d48:ad51:24::f3 eth2 eth0 no no
> >
> > does not add the required route.
>
Tom
In Shorewall6 4.4.27 the following proxyndp entry:
2001:4d48:ad51:24::f3 eth2 eth0 no no
does not add the required route.
The code produced in /var/lib/shorewall6/.restart is:
qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2run_ip route add
2001:4d48:ad51:24::f3/128 dev eth2
On Monday 21 Nov 2011 01:00:21 Tom Eastep wrote:
> On Nov 20, 2011, at 4:39 PM, Steven Jan Springl wrote:
> > If command "shorewall update -b" is issued against a config. that has a
> > blacklist file that is size 0, the following error message is produced:
> >
Tom
If command "shorewall update -b" is issued against a config. that has a
blacklist file that is size 0, the following error message is produced:
ERROR: Internal error in Shorewall::Misc::convert_blacklist at
/usr/share/shorewall/Shorewall/Misc.pm line 406
Steven.
--
On Wednesday 10 August 2011 15:43:24 Tom Eastep wrote:
> On Wed, 2011-08-10 at 15:22 +0100, Steven Jan Springl wrote:
> > In the attached config. when MANGLE_FORWARD is not set in capabilities
> > and there is an entry in ecn the following message is generated:
> >
> >
Tom
In the attached config. when MANGLE_FORWARD is not set in capabilities and
there is an entry in ecn the following message is generated:
Use of uninitialized value in hash element
at /usr/share/shorewall/Shorewall/Chains.pm line 1119.
Steven.
shorewallT4.tar.gz
Description: application/
On Wednesday 10 August 2011 04:38:30 Tom Eastep wrote:
> On Aug 9, 2011, at 4:25 PM, Tom Eastep wrote:
> > The attached patch seems to correct this.
>
> And, as always, thank you
>
> -Tom
>
Tom
Confirmed, the patch fixes the issue.
Thanks.
Steven.
---
On Tuesday 09 August 2011 17:32:01 Tom Eastep wrote:
> Shorewall 4.4.22.2 is available for download.
>
> Problems Corrected:
>
> 1) On older distributions where 'shorewall show capabilities'
> indicates 'Connection Tracking Match: Not Available', Shorewall
> 4.4.22 and 4.4.22.1 generated i
On Wednesday 06 April 2011 15:51:35 Tom Eastep wrote:
> On 4/6/11 4:45 AM, Steven Jan Springl wrote:
> > No. This is a bug in the Shorewall compiler that Tom will need to look
> > at.
>
> Indeed. Patch attached.
>
> -Tom
Tom
The patch fixed the problem resulting in
On Wednesday 06 April 2011 12:29:16 Cameron, George G. wrote:
> >
> > I have recreated both problems. They seem to be caused by the parameter
> > 'physical=+' in the interfaces file.
> >
> > If the parameter is removed or its value changed to a value other than
> > just '+' the problems do not occu
On Wednesday 06 April 2011 09:48:42 Cameron, George G. wrote:
> Tom,
>
> 1. shorewall.tar.gz attached (including generated caps file) as requested
> 2. I noticed that I was still using shorewall.conf from 4.4.18.1, so swapped to the new conf file:
>    1. now, no error is reported - but
On Monday 20 December 2010 20:19:43 Tom Eastep wrote:
> On 12/20/10 12:06 PM, Steven Jan Springl wrote:
> > The patch to Zones.pm fixes the problem.
> >
> > The patch to Proxyarp.pm does not apply. The following line is referred to
> > in the patch, but do
On Monday 20 December 2010 00:32:45 Tom Eastep wrote:
> > It fixes all but the last message:
> >
> > Use of uninitialized value in numeric comparison (<=>)
> > at /usr/share/shorewall/Shorewall/Zones.pm line 1334.
> >
> > This message is produced in the "Optimizing ruleset.." phase.
>
> Steven,
>
On Sunday 19 December 2010 21:31:01 Tom Eastep wrote:
> Steven,
>
> This seems to fix it.
>
> Thanks!
> -Tom
Tom
It fixes all but the last message:
Use of uninitialized value in numeric comparison (<=>)
at /usr/share/shorewall/Shorewall/Zones.pm line 1334.
This message is produced in the "Opti
Tom
Using the same test config I used for the proxyarp problem and notrack entry:
z1 ssp21 2
the following messages are produced:
Use of uninitialized value $chain in hash element
at /usr/share/shorewall/Shorewall/Zones.pm line 805, <$currentfile> line 15.
Use of uninitialized value $chain i
On Saturday 18 September 2010 17:13:03 Tom Eastep wrote:
> On 9/18/10 9:01 AM, Steven Jan Springl wrote:
> > Tcfilters entry:
> >
> > eth0:33 2.2.2.2 1.1.1.1 tcp :22
> >
> > produces the following message:
> >
> > ERROR: Invalid/Unknown 6 port/serv
Tom
Tcfilters entry:
eth0:33 2.2.2.2 1.1.1.1 tcp :22
produces the following message:
ERROR: Invalid/Unknown 6 port/service (0) : /etc/shorewall2/tcfilters (line
13)
Steven.
--
On Saturday 18 September 2010 01:12:09 Tom Eastep wrote:
> On 9/17/10 4:41 PM, Tom Eastep wrote:
> > On 9/17/10 4:35 PM, Steven Jan Springl wrote:
> >> Tom
> >>
> >> When routestopped contains:
> >>
> >> eth3 192.168.0.0/29,10.1.1.1 notrack
Tom
When routestopped contains:
eth3 192.168.0.0/29,10.1.1.1 notrack
After 'shorewall start' and 'shorewall clear' commands have been executed,
iptables-save shows the following rules are still active:
raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/29 -i br1 -m
On Saturday 11 September 2010 19:13:19 Tom Eastep wrote:
> On 9/11/10 11:05 AM, Steven Jan Springl wrote:
> > On Saturday 11 September 2010 18:50:13 Tom Eastep wrote:
> >> On 9/11/10 10:43 AM, Steven Jan Springl wrote:
> >>> On Saturday 11 September 2010 17:38:04 T
On Saturday 11 September 2010 18:50:13 Tom Eastep wrote:
> On 9/11/10 10:43 AM, Steven Jan Springl wrote:
> > On Saturday 11 September 2010 17:38:04 Tom Eastep wrote:
> >> I just corrected the case where SAME is used with SOURCE $FW; that's
> >> commit 367fc041
On Saturday 11 September 2010 17:38:04 Tom Eastep wrote:
> On 9/11/10 9:06 AM, Tom Eastep wrote:
> > On 9/11/10 7:40 AM, Steven Jan Springl wrote:
> >> tcrules entry:
> >>
> >> SAME:P 192.168.120.0/24 0.0.0.0
> >>
> >> produces the followin
On Saturday 11 September 2010 17:06:34 Tom Eastep wrote:
> On 9/11/10 7:40 AM, Steven Jan Springl wrote:
> > tcrules entry:
> >
> > SAME:P 192.168.120.0/24 0.0.0.0
> >
> > produces the following messages:
> >
> > iptables v1.4.9.1: Cannot use -A wi
Tom
tcrules entry:
SAME:P 192.168.120.0/24 0.0.0.0
produces the following messages:
iptables v1.4.9.1: Cannot use -A with -A
ERROR: Command "/usr/local/sbin/iptables -A setsticky -A -s
192.168.120.0/24 -d 0.0.0.0 -m mark --mark 0x1/0xff -m recent --name
sticky001 --set" Failed
Steven.
--
On Saturday 16 January 2010 22:02:40 Tom Eastep wrote:
> Tom Eastep wrote:
> >>
> >> '8' is an illegal octal digit -- that's what leads to this error.
> >
> > Commit 5ec7759d81973876daba213aa6dd0609dde3793c avoids the run-time
> > error.
>
> And for consistency, aad8ea837af468d60196d341254a1560d8be
Tom
Specifying a port with a leading zero, eg rule:
ACCEPT p2 all tcp 080
produces the following error:
Use of uninitialized value $port in concatenation (.) or string
at /usr/share/shorewall/Shorewall/IPAddrs.pm line 312, <$currentfile> line
80.
ERROR: Invalid/Unknown tcp port/service
On Tuesday 22 December 2009 01:41:20 Tom Eastep wrote:
> >> Issuing command shorewall6 start produces the following message:
> >>
> >> Use of uninitialized value $val in string eq
> >> at /usr/share/shorewall/Shorewall/Config.pm line 2373.
> >
> > I saw that on one of my systems this morning but I
On Sunday 20 December 2009 23:44:55 Tom Eastep wrote:
> I've just uploaded 4.4.5.2. It contains this patch as well as another
> change that fixes issues with ROUTE_FILTER handling on 2.6.31 and later.
Tom
Issuing command shorewall6 start produces the following message:
Use of uninitialized valu
On Sunday 20 December 2009 21:44:02 Tom Eastep wrote:
> On Sun, 20 Dec 2009 21:26:57 +
>
> Steven Jan Springl wrote:
> > Tom
> >
> > Issuing a shorewall start produces the following messages:
> >
> >WARNING: Unknown capability (KERNELVERSION)
>
Tom
Issuing a shorewall start produces the following messages:
WARNING: Unknown capability (KERNELVERSION)
ignored : /etc/shorewall2/capabilities (line 49)
WARNING: Your capabilities file does not contain a Kernel Version -- using
2.6.30
I am using kernel 2.6.33-rc1 and the capabilities
On Saturday 19 December 2009 17:29:43 Tom Eastep wrote:
> 3) The compiler now flags port number 0 as an error in all
> contexts. Previously, port 0 was allowed with the result that
> invalid iptables-restore input could be generated in some cases.
>
Tom
Just a minor issue, specifying po
On Monday 23 November 2009 21:48:23 Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Saturday 21 November 2009 18:32:06 Tom Eastep wrote:
> >> 6) The shorewall and shorewall6 utilities now support a 'show
> >> policies' command.
> >
> > Tom
On Saturday 21 November 2009 18:32:06 Tom Eastep wrote:
> 6) The shorewall and shorewall6 utilities now support a 'show
> policies' command.
Tom:
Command 'shorewall show policies' works,
but command 'shorewall6 show policies' is invalid.
Steven.
-
On Saturday 21 November 2009 23:30:56 Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > Issuing a shorewall6 start produces the following message:
> >
> > Undefined subroutine &Shorewall::Rules::match_source_interface called
> > at /usr/s
Tom
Issuing a shorewall6 start produces the following message:
Undefined subroutine &Shorewall::Rules::match_source_interface called
at /usr/share/shorewall/Shorewall/Rules.pm line 2319.
Steven.
--
On Saturday 21 November 2009 22:22:07 Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Saturday 21 November 2009 18:32:06 Tom Eastep wrote:
> >>
> >>--- - N E W F E A
On Saturday 21 November 2009 18:32:06 Tom Eastep wrote:
> ---
>- N E W F E A T U R E S I N 4 . 4 . 4
> ---
>-
> 2) The limit of 15 entries in a port
Tom:
The following messages are produced by both Shorewall & Shorewall6 when
VERBOSITY=2 is specified in shorewall.conf and a capabilities file does not
exist:
Use of uninitialized value in string comparison (cmp)
at /usr/share/shorewall-perl/Shorewall/Config.pm line 1612.
Use of uninitialize
On Tuesday 18 November 2008 08:05, Michael Bernhard Arp Sørensen wrote:
> Hi there.
>
> I've been reading the docs over and over and the understanding of proxyarp
> escapes me.
>
> I've set up a firewall. I've got 10 external IP addresses and I want for a
> start to set up the first public IP addres
Tom
In kernel 2.6.28-rc1, module ipt_recent has been renamed xt_recent.
Steven.
-
Chris
As Dmitry wrote, it's the unit parameter that you need.
Like you, I run my ADSL modem in bridged PPPoE mode and run PPPoE on my
firewall.
My PPPoE uses ppp8 and dialup backup defaults to ppp0. I deliberately leave
a gap so that if ppp0 is ever unavailable, dialup can use ppp1 without
Tom
I have been testing Shorewall-perl with ipsets and have come across a couple
of problems.
The ipsets documentation states that negative matches are allowed, however,
Shorewall only allows this in the hosts file.
Message:
ERROR: Invalid ipset name (!+sjsset) ...
is p
Tom
The shorewall-providers man page states that the INTERFACE must be listed in
shorewall-interfaces, however shorewall-perl does not seem to check this.
With providers entry:
isp1 1 1 main eth0:1 192.168.0.254
A "shorewall start" generates the following error:
/var/lib/shorewall/.star
On Friday 22 February 2008 16:42, Francesco Saverio Giudice wrote:
> Hi Tom,
>
> I get the error:
>
> -
> # ip route add 1.2.4.5 dev eth3
> # ip route replace 1.2.4.5 dev eth3
> RTNETLINK answers: File exists
> -
>
> I have to patch kernel or something else ?
>
Tom / Francesco
Thi
Tom
When I issue "shorewall check", I get the following message:
ERROR: Your iptables is not recent enough to support bridge
ports : /etc/shorewall/interfaces (line 13)
The environment is:
Debian etch
iptables 1.4.0
kernel 2.6.24.2
The Shorewall configuration is attache
> Here's a patch.
>
>
>
> -Tom
Tom
Thanks, that's fixed it.
Steven.
-
On Saturday 24 November 2007 00:33, Tom Eastep wrote:
> On Sat, 2007-11-24 at 00:13 +0000, Steven Jan Springl wrote:
> > Tom
> >
> > I have just upgraded from Shorewall 4.0.5 using the Debian packages.
> >
> > When I issue a 'shorewall start' I get t
>
> Please send a capabilities file:
>
> shorewall show -f capabilities > capabilities
>
> I can't know what your kernel/iptables configuration looks like
>
> -Tom
Tom
My capabilities file is attached.
Steven.
#
# Shorewall detected the following iptables/netfilter capabilities - Sat Nov
Tom
I have just upgraded from Shorewall 4.0.5 using the Debian packages.
When I issue a 'shorewall start' I get the following error messages:
Use of uninitialized value in concatenation (.) or string
at /usr/share/shorewall-perl/Shorewall/Rules.pm line 344.
Use of uninitialized value in concat
Tom
While installing shorewall-lite-4.0.0.tar.bz2 the following message is
produced:
gzip: shorewall-lite.8: unknown suffix -- ignored.
Steven.
-
>
> I want to personally thank Steven Jan Springl for his tireless efforts
> in testing the new (and old) compiler(s). Both compilers are much better
> as a result of his efforts and we all owe him a deep debt of gratitude;
> Shorewall 4.0 would not have been possible without him
On Thursday 19 July 2007 18:53, Tom Eastep wrote:
> List Receiver wrote:
> >> -Original Message-
> >> From: [EMAIL PROTECTED] [mailto:shorewall-
> >> [EMAIL PROTECTED] On Behalf Of Tom Eastep
> >> Sent: Thursday, July 19, 2007 10:46 AM
> >> To: Shorewall Users
> >> Subject: [Shorewall-users
On Tuesday 15 May 2007 15:20, Tom Eastep wrote:
> I'm pleased to announce that Roberto Sánchez has agreed to become the
> maintainer of Shorewall-shell. Please join me in thanking Roberto for
> volunteering for this important role.
>
> -Tom
Well done Roberto.
Steven.
On Thursday 03 May 2007 15:01, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > That works.
> >
> > However, if sjsact is empty or just contains comments, the error message
> > is still produced.
>
> Good afternoon, Steven
>
> The empty action problem shoul
On Thursday 03 May 2007 04:09, Tom Eastep wrote:
> Tom Eastep wrote:
> > Steven Jan Springl wrote:
> >> On Thursday 03 May 2007 02:00, Tom Eastep wrote:
> >>> Steven Jan Springl wrote:
> >>>> Tom
> >>>>
> >>>> Action:
>
On Thursday 03 May 2007 03:08, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Thursday 03 May 2007 02:00, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> Tom
> >>>
> >>> Action:
> >>>
> >>> LOG:warn eth
On Thursday 03 May 2007 02:00, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > Action:
> >
> > LOG:warn eth0 eth0:192.168.0.3
> >
> > when compiled with shorewall-perl produces the following error:
> >
> > Internal Err
Tom
Action:
LOG:warn eth0 eth0:192.168.0.3
when compiled with shorewall-perl produces the following error:
Internal Error at /usr/share/shorewall-perl/Shorewall/Actions.pm line 414,
<$currentfile> line 5.
Steven.
-
Thi
On Thursday 03 May 2007 01:33, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Thursday 03 May 2007 01:12, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> Tom
> >>>
> >>> Action sjsact:
> >>>
> >>> ACCEPT
On Thursday 03 May 2007 01:12, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > Action sjsact:
> >
> > ACCEPT eth0 eth0:192.168.0.3
> >
> > When it's compiled with shorewall-perl the following iptables rule is
> > generated:
>
Tom
Action sjsact:
ACCEPT eth0 eth0:192.168.0.3
When it's compiled with shorewall-perl the following iptables rule is
generated:
-A sjsact -i eth0 -o eth0 -d 192.168.0.3 -j ACCEPT
when the action is compiled with shorewall-shell the following iptables rule
is generated:
-A sjsact -p all -
On Wednesday 02 May 2007 23:00, Tom Eastep wrote:
> Steven Jan Springl wrote:
> >>> However when compiled with shorewall-shell, no rule is generated and no
> >>> message produced.
> >>
> >> When I try this, I get an error message:
> >>
>
On Wednesday 02 May 2007 22:25, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > Creating an action (sjsact) that branches to itself:
> >
> > sjsact eth0 eth0
> >
> > when compiled with shorewall-perl generates iptables rule:
> >
Tom
Creating an action (sjsact) that branches to itself:
sjsact eth0 eth0
when compiled with shorewall-perl generates iptables rule:
-A sjsact -i eth0 -o eth0 -j sjsact
and produces error message:
iptables: loop hook 1 pos
However when compiled with shorewall-shell, no rule is generat
On Wednesday 02 May 2007 19:42, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > Would it be worth adding DEST to the list of reserved zone names?
> >
> > When DEST is used in a rule it behaves like any other zone name, but in a
> > macro it ha
Tom
Would it be worth adding DEST to the list of reserved zone names?
When DEST is used in a rule it behaves like any other zone name, but in a
macro it has special significance. This might lead to confusion for some
users.
Steven.
-
On Wednesday 02 May 2007 16:40, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > A couple of issues with log tag.
> >
> > Rule:
> >
> > ACCEPT:warn:mail $FW lan:192.168.0.3 tcp 25
> >
> > generates iptables rule:
> >
Tom
A couple of issues with log tag.
Rule:
ACCEPT:warn:mail $FW lan:192.168.0.3 tcp 25
generates iptables rule:
-A fw2lan -p 6 --dport 25 -d 192.168.0.3 -j LOG --log-level
4 --log-prefix "Shorewall:mail:ACCEPT:"
The documentation states that log tag is appended to the end of LOGPREFIX
wh
Tom
Rule:
LOG:warn lan:192.168.0.3 $FW udp 123,245:1000,2333,1:15000
1000:1,2,25000:3
when compiled shorewall-shell generates:
+ /sbin/iptables -A lan2fw -p udp -m multiport -s 192.168.0.3 --sports
1000:1,2,25000:3 --dports 123,245:1000,2333,1:15000 --match
On Wednesday 02 May 2007 01:34, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > When rule:
> >
> > sjs/ACCEPT $FW $L3 tcp 1 0 - - 0:0
> >
> > calls macro:
> >
> > PARAM - - tcp 22 100
> >
> > the f
Tom
When rule:
sjs/ACCEPT $FW $L3 tcp 1 0 - - 0:0
calls macro:
PARAM - - tcp 22 100
the following iptables rule is generated:
-A fw2lan -p 6 --dport 1 -sport 0 -m owner -d 192.168.0.3 -j accept
which produces the following error:
iptables-restore v1.3.6: OWNER match: You must
On Wednesday 02 May 2007 00:10, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Tuesday 01 May 2007 22:49, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> On Tuesday 01 May 2007 22:24, Tom Eastep wrote:
> >>>> Steven Jan Springl wrote:
>
On Tuesday 01 May 2007 22:49, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Tuesday 01 May 2007 22:24, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> Tom
> >>>
> >>>
> >>> When a rule that specifies source po
On Tuesday 01 May 2007 22:24, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> >
> > When a rule that specifies source port 0 or destination port 0 calls a
> > macro the source port and destination ports in the macro are not
> > overridden. E.G.
Tom
When a rule that specifies source port 0 or destination port 0 calls a macro
the source port and destination ports in the macro are not overridden. E.G.
rule:
sjs/ACCEPT $FW $L3 tcp 0 0
macro sjs:
PARAM - - tcp 22 10
generates iptables-rule:
-A fw2lan -p 6 --dport 22 --sport 100
On Tuesday 01 May 2007 19:30, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > After applying REV 6178 I get the following errors:
> >
> > Not enough arguments for Shorewall::Chains::do_test
> > at /usr/share/shorewall-perl/Sh
Tom
After applying REV 6178 I get the following errors:
Not enough arguments for Shorewall::Chains::do_test
at /usr/share/shorewall-perl/Shorewall/Nat.pm line 172, near "$mark if"
Compilation failed in require at /usr/share/shorewall-perl/compiler.pl line
47.
BEGIN failed--compilation aborted
On Tuesday 01 May 2007 17:23, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Top
> >
> > The following rule:
> >
> > REDIRECT- lan 10 tcp 10,200 1000:10 192.168.2.0/24
> >
> > generates the following iptables rule:
> >
> > -
Top
The following rule:
REDIRECT- lan 10 tcp 10,200 1000:10 192.168.2.0/24
generates the following iptables rule:
-A lan_dnat -p 6 -m multiport --dports 10,200 --sport 1000:1 -d
192.168.2.0/24 -j REDIRECT --to-port 10 -m comment --comment "This is a test
line"
which fails with
Tom
My kernel does not have ipp2p support.
When I test ipp2p, ipp2p:udp, & ipp2p:all in the protocol field of a rule, I
get three different messages.
ipp2p produces:
ERROR: Invalid/Unknown protocol (ipp2p)
ipp2p:udp produces:
iptables-restore v1.3.6: unknown protocol 'ipp2p:udp' specified
On Tuesday 01 May 2007 01:04, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Monday 30 April 2007 23:10, Tom Eastep wrote:
> >> Shorewall 3.9.5 is available at
> >> http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-3.9.5/
> >>
> >>
On Monday 30 April 2007 23:10, Tom Eastep wrote:
> Shorewall 3.9.5 is available at
> http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-3.9.5/
>
> Lots of bugs fixed since last week. Thanks to all of you who are testing
> 3.9 (and a special thanks to Steven Springl).
Tom
You are we
On Monday 30 April 2007 19:38, Tom Eastep wrote:
> Tom Eastep wrote:
> > Steven Jan Springl wrote:
> >> On Monday 30 April 2007 01:46, Tom Eastep wrote:
> >>> Steven Jan Springl wrote:
> >>>> Tom
> >>>>
> >>>> If a policy
Tom
The following rule:
LOG:6! lan:192.168.0.3 $FW udp 123
produces the following error message when compiled with
shorewall-perl:
ERROR: Invalid log level (6!)
It works when compiled with shorewall-shell.
Steven.
-
On Monday 30 April 2007 19:02, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > When the following rule is compiled with shorewall-shell:
> >
> > CONTINUE! lan:192.168.0.3 $FW udp 123
> >
> > produces the following error messages:
Tom
When the following rule is compiled with shorewall-shell:
CONTINUE! lan:192.168.0.3 $FW udp 123
produces the following error messages:
iptables v1.3.6: Couldn't load target
`CONTINUE':/lib/iptables/libipt_CONTINUE.so: cannot open shared object file:
No such file or directory
ERROR
On Monday 30 April 2007 16:25, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > The following rule ACTIONs are rejected as unknown by shorewall-perl:
> >
> > CONTINUE! QUEUE! A-
> >
> >
> >
> > The following rule ACTIONs
Tom
The following rule ACTIONs are rejected as unknown by shorewall-perl:
CONTINUE! QUEUE! A-
The following rule ACTIONs are rejected as invalid by shorewall-shell:
DROP! REJECT! A-
The following rule:
LOG lan:192.168.0.3 $FW udp 123
is accepted by shorewall-perl, but shorewall-s