Tom

Using kernel 2.6.39, iptables 1.4.10 and xtables-addons 1.35

The following rules file entry:

    ACCEPT $FW lan tcp 22 - - - !root:root

produces the following iptables rule:

    -A fw2lan -p 6 --dport 22 -m owner ! --uid-owner root ! --gid-owner root -j ACCEPT

Which works.

After upgrading iptables to 1.4.11 the following iptables-restore error is produced:

    iptables-restore v1.4.11: owner: option "--uid-owner" cannot be inverted.

The following tcrules file entry:

    IPMARK(dst,-1,-64) $FW eth1 tcp 888

produces the following iptables rule:

    -A OUTPUT -p 6 --dport 888 -o eth1 -j IPMARK --addr dst --and-mask -1 --or-mask -64 --shift 0

Which works.

After upgrading to iptables 1.4.11 the following iptables-restore error is produced:

    iptables-restore v1.4.11: IPMARK: Bad value for "and-mask" option: "-1"

Steven.
