On Sep 2, 2011, at 4:56 PM, Tom Eastep wrote:

> On Sep 2, 2011, at 4:08 PM, Steven Jan Springl wrote:
>> In the attached config, secmarks contains:
>> 
>> RESTORE  O:ER  -  eth0  udp  53
>> 
>> When the following commands are issued:
>> 
>> shorewall start /etc/shorewallT6
>> shorewall safe-restart /etc/shorewallT6
>> 
>> then reply 'n' when prompted.
>> 
>> The following iptables rule is generated in .safe-iptables:
>> 
>> -A OUTPUT -o eth0 -p udp -m udp --dport 53 -m conntrack --ctstate RELATED,ESTABLISHED -j CONNSECMARK--restore
>> 
>> which produces the following error message:
>> 
>> iptables-restore v1.4.12.1: Couldn't load target `CONNSECMARK--restore':No such file or directory
> 
> Steven,
> 
> I suspect that is an iptables 1.4.12.x bug. Please start the configuration 
> and then do an 'iptables -S'; do you see the string "CONNSECMARK--restore" in 
> the output?


Please try this iptables patch.

Thanks,
-Tom

Attachment: CONNSECMARK.patch
Description: Binary data


Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
