RE: [Security Firewall] Rule crashing shorewall

[Mitchell, Neill]

Sorry to keep bugging everyone. This is very bizarre. Added more rules using the "Add Custom Rule". Each time I do it the new rule gets added fine e.g:

 

ACCEPT  wan  dmz:192.168.2.2  tcp  http  -  -  #http_in

ACCEPT  dmz:192.168.2.2  wan  tcp  smtp  -  -  #smtp_out

 

But the two other rules I added:

 

ACCEPT  wan:81.171.149.66  fw  tcp  8433

ACCEPT  wan:81.171.149.66  fw  ssh

 

have the "from" added at the end each time apply is pressed. This then kills shorewall. Manually deleting the "from"'s clears the problem. Most puzzling.

---

From: Mitchell, Neill [mailto:[EMAIL PROTECTED]
Sent: 26 January 2005 16:22
To: 'security-firewall@linux-mandrake.com'
Subject: RE: [Security Firewall] Rule crashing shorewall

I think the rule generator may not be adding the "#" in front of the comment field. Running the 25th Jan naat rpms.

 

Cheers.

---

From: Mitchell, Neill [mailto:[EMAIL PROTECTED]
Sent: 26 January 2005 16:18
To: 'security-firewall@linux-mandrake.com'
Subject: [Security Firewall] Rule crashing shorewall

Having a bit of a time of it today!   Added the following rules via "Add Simple Rule":   ACCEPT  wan:81.171.149.66  fw  tcp  8433  ACCEPT wan:81.171.149.66  fw  ssh   Shorewall dies. When I run a shorewall check from the console it shows the rule as:   ACCEPT  wan:81.171.149.66  fw  tcp  8433 - - from ACCEPT wan:81.171.149.66  fw  ssh -  - from   Now, obviously its the "from" that's killing it (as can be seen in the log). Bug in the rule generator? If I manually edit out the "from"'s then everything fires up okay.   Cheers       _____________________________________________________________________ This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]

_____________________________________________________________________
This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]

_____________________________________________________________________
This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]

_____________________________________________________________________
This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]

_____________________________________________________________________
This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]