On Apr 11, 2011, at 2:38 PM, Steven Jan Springl wrote: > Tom > > Rule: > > DROP $FW net !0 > > Produces the following iptables rule: > > -A fw2net ! -p 0 -j DROP > > Which produces the following iptabes-restore error: > > iptables-restore v1.4.2: rule would never match protocol
The attached patch seems to catch this.
PROTO.patch
Description: Binary data
> > ------------------------------------------------------------------------------------------ > > Shorewall allows a '-' to be specified within a protcol list: > > DROP $FW net 1,-,2 > > Is this intended? While including '-' in a list is silly, it doesn't make a lot of sense to reject it since '-' by itself is valid in that column. I think I'll leave it. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
