Re: [Shorewall-devel] rules: interface and comma seperated IP addresses.

Sun, 20 Jan 2008 12:06:37 -0800 

Srinivasa Hebbar wrote:
> Hello,
> 
> I am using shorewall 3.4.4
> 
> When I specify an interface name in the rules file, I expected the interface 
> name is given
> to "-i" option of iptable for all the IP addresses. But, I am seeing 
> different results.
> 
> Example1:
> ACCEPT          loc:net0:192.168.3.1,192.168.3.2                net           
>    tcp 80
> -The above rule gernerated the following code:
>    run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j ACCEPT
>    run_iptables -A loc2net -p tcp -s 192.168.3.2 --dport 80 -j ACCEPT
>    progress_message "   Rule \"ACCEPT loc:net0:192.168.3.1,192.168.3.2 net 
> tcp 80     \" added."
> 
> Example2:
> ACCEPT          loc:net0:192.168.3.1,net0:192.168.3.2                   net   
>            tcp 80
> -The above rule gernerated the following code:
>    run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j ACCEPT
>    run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.2 --dport 80 -j ACCEPT
>    progress_message "   Rule \"ACCEPT loc:net0:192.168.3.1,net0:192.168.3.2 
> net tcp 80     \" added."
> 
> Is it required to prepend interface name for every comma seperated IP address 
> within
> the rule?
> 
> Note: In the above example, the interface name is "net0"
> loc = Local zone
> net = Wan zone.
> 

Looks like another bug in Shorewall-shell.

Have you considered upgrading to 4.0.7 and switching to Shorewall-perl?
My main reason for creating Shorewall-perl was because Shorewall-shell
is buggy and the bugs are hard to fix without breaking something else.

Neither of the defects you have reported this week are present in
Shorewall-perl.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to