On 2/2/11 2:44 PM, Steven Jan Springl wrote:
> If OPTIMIZE_ACCOUNTING=Yes and there is just one rule in the accounting file
> eg:
>
> ACCOUNTING(net2lan,192.168.0.0/24) - eth0 eth1
>
> The following error messages are produced from a shorewall debug start ...
>
> iptables v1.4.10: Can't use -o with INPUT
>
> ERROR: Command "/usr/local/sbin/iptables -A INPUT -i eth0 -o eth1 -j
> ACCOUNT --addr 192.168.0.0/24 --tname net2lan" Failed
>
> If the rule is changed to:
>
> ACCOUNTING(net2lan,192.168.0.0/24) - eth0 -
>
> then the following messages are produced:
>
> iptables v1.4.10: Can't use -i with OUTPUT
>
> ERROR: Command "/usr/local/sbin/iptables -A OUTPUT -i eth0 -j ACCOUNT --addr
> 192.168.0.0/24 --tname net2lan" Failed
>
> If OPTIMIZE_ACCOUNTING=No or there is more than one rule in the accounting
> file eg duplicate the rule, then the error does not occur.

Steven,

This is an inconsistency in Netfilter that I don't know what to do about. I may end up deprecating or even eliminating OPTIMIZE_ACCOUNTING. It's a rather silly option anyway.

Thanks for your continued testing,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
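
The chain/interface conflict reported in this thread can be caught before a generated rule is handed to iptables. The function below is an added example, not Shorewall's code or anything posted by the participants; it generalizes to PREROUTING and POSTROUTING, which iptables restricts the same way, and the FORWARD rule at the end is a constructed sample.

```shell
# Added example: lint an iptables argument list for interface matches that the
# target built-in chain rejects. The function name is hypothetical.
# Returns 0 if acceptable, 1 on a conflict (diagnostic on stdout),
# 2 if an option is missing its argument. User-defined chains are not checked.
check_iface_opts() (
    chain="" in_if="" out_if=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -A|-I|-C|-D|--append|--insert|--check|--delete)
                [ $# -ge 2 ] || return 2
                chain=$2; shift ;;
            -i|--in-interface)
                [ $# -ge 2 ] || return 2
                in_if=$2; shift ;;
            -o|--out-interface)
                [ $# -ge 2 ] || return 2
                out_if=$2; shift ;;
        esac
        shift
    done

    case "$chain" in
        INPUT|PREROUTING)
            # Packets here have no output interface assigned yet.
            if [ -n "$out_if" ]; then
                echo "conflict: -o $out_if is not valid in $chain"
                return 1
            fi ;;
        OUTPUT|POSTROUTING)
            # Locally generated / already routed packets: no -i match allowed.
            if [ -n "$in_if" ]; then
                echo "conflict: -i $in_if is not valid in $chain"
                return 1
            fi ;;
    esac
    return 0
)

# The two failing commands from the report, then a constructed FORWARD rule.
check_iface_opts -A INPUT -i eth0 -o eth1 -j ACCOUNT \
    --addr 192.168.0.0/24 --tname net2lan || true
check_iface_opts -A OUTPUT -i eth0 -j ACCOUNT \
    --addr 192.168.0.0/24 --tname net2lan || true
check_iface_opts -A FORWARD -i eth0 -o eth1 -j ACCOUNT \
    --addr 192.168.0.0/24 --tname net2lan && echo "ok: FORWARD takes -i and -o"
```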
