On 2/2/11 3:05 PM, Steven Jan Springl wrote:
> Tom
>
> If the accounting file contains two ACCOUNT rules that specify the same table
> name but different networks eg
>
> ACCOUNT(net2lan,192.168.0.0/24) - eth0 eth1
> ACCOUNT(net2lan,10.1.0.0/16) - eth0 eth1
>
> Then a shorewall debug start produces the following error messages:
>
> iptables: Invalid argument. Run `dmesg' for more information.
>
> ERROR: Command "/usr/local/sbin/iptables -A accounting -i eth0 -o eth1 -j
> ACCOUNT --addr 10.1.0.0/16 --tname net2lan" Failed
>
> The output from dmesg is:
>
> [18807.006707] ACCOUNT: Table net2lan found, but IP/netmask mismatch.
> IP/netmask found: 192.168.0.0/255.255.255.0
>
> [18807.006714] ACCOUNT: Table insert problem. Aborting

This is a known restriction. It is related to the issue where changing the
network associated with a table name requires 'stop;start'. I'm inclined to
not do anything about it but I'll think about it.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
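
A pre-flight check for the restriction discussed in this thread, as an added example that is not part of the original messages and is not Shorewall code: it scans accounting-file text for ACCOUNT rules that bind one table name to more than one network, so the conflict is caught before iptables rejects the rule at start. The function name and the sample file are constructed for illustration, and it assumes that reusing a table name with the identical network is accepted.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the ACTION column of an accounting rule: ACCOUNT(<table>,<network>)
ACCOUNT_RE = re.compile(r"^\s*ACCOUNT\(\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\)")


def find_table_conflicts(text):
    """Return {table: [(lineno, network), ...]} for every table name that is
    used with more than one distinct network."""
    uses = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop trailing comments
        match = ACCOUNT_RE.match(line)
        if not match:
            continue                          # not an ACCOUNT rule
        table, addr = match.groups()
        try:
            # Normalize so 10.1.0.0/16 and 10.1.0.0/255.255.0.0 compare equal
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            continue                          # malformed address: left to Shorewall
        uses[table].append((lineno, net))
    return {
        table: seen
        for table, seen in uses.items()
        if len({net for _, net in seen}) > 1
    }


# Constructed sample: the two net2lan rules are the ones from the report above;
# the dmz rules reuse a table with the same network and are not flagged.
SAMPLE = """\
# constructed sample accounting file
ACCOUNT(net2lan,192.168.0.0/24) - eth0 eth1
ACCOUNT(net2lan,10.1.0.0/16)    - eth0 eth1
ACCOUNT(dmz,172.16.0.0/24)      - eth0 eth2
ACCOUNT(dmz,172.16.0.0/24)      - eth2 eth0
"""

if __name__ == "__main__":
    for table, seen in find_table_conflicts(SAMPLE).items():
        print(f"table {table!r} is bound to more than one network:")
        for lineno, net in seen:
            print(f"  line {lineno}: {net}")
```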
