On 2/7/11 3:02 PM, Steven Jan Springl wrote: > Tom > > The following accounting rule: > > ACCOUNT(net2lan,192.168.0.0/24) INPUT eth0 eth1 > > produces the following error messages: > > iptables v1.4.10: Can't use -o with INPUT > > ERROR: Command "/usr/local/sbin/iptables -A INPUT -i eth0 -o eth1 -j > ACCOUNT --addr 192.168.0.0/24 --tname net2lan" Failed > > ----------------------------------------------------------------------------------------------------------------- > > The following accounting rule: > > ACCOUNT(net2lan,192.168.0.0/24) OUTPUT eth0 eth1 > > produces the following error messages: > > iptables v1.4.10: Can't use -i with OUTPUT > > ERROR: Command "/usr/local/sbin/iptables -A OUTPUT -i eth0 -o eth1 -j > ACCOUNT --addr 192.168.0.0/24 --tname net2lan" Failed > > ----------------------------------------------------------------------------------------------------------------
Those two are caught by b4b59119efc1499f823cb02f364b8049b61108f9. > > The following accounting rule: > > ACCOUNT(net2lan,192.168.0.0/24) - eth0:~01-01-01-01-01-01 eth1 > > produces the following error messages: > > iptables: Invalid argument. Run `dmesg' for more information. > > ERROR: Command "/usr/local/sbin/iptables -A accounting -i eth0 -o eth1 > --match > mac --mac-source 01:01:01:01:01:01 -j ACCOUNT --addr 192.168.0.0/24 --tname > net2lan" Failed > > dmesg produces the following message: > > [25368.580699] x_tables: ip_tables: mac match: used from hooks > INPUT/FORWARD/OUTPUT, but only valid from PREROUTING/INPUT/FORWARD > I'm still trying to understand how I want to fix that. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
