On Sep 19, 2011, at 1:01 PM, Steven Jan Springl wrote: > Shorewall netmap entry: > > DNAT:P 192.168.168.0/24 eth0 10.199.0.0/16 - icmp 8,3 > > Generates the following rule: > > -A PREROUTING -p 1 --icmp-type 8,3 -d 192.168.168.0/24 -i eth0 -j > RAWDNAT --to-dest 10.199.0.0/16 > > Which produces the following error message: > > iptables-restore v1.4.12.1: Invalid ICMP type `8,3' > > ------------------------------------------------------------------------------------------------------------------- > > Specifying a similar format shorewall6 netmap entry: > > DNAT:P 2001:4d48:ad51:24::/64 eth0 fd58:b443:dd9e:1::/64 - icmp > 129,128 > > Produces the following error message: > > Undefined subroutine &Shorewall::Chains::list_split called > at /usr/share/shorewall/Shorewall/Chains.pm line 3258, <$currentfile> line > 11.
Steven, Both issues should be eliminated by the attached patch. I had not intended to allow icmp-type lists in that file but an existing bug prevented that restriction. -Tom
ICMPTYPELIST.patch
Description: Binary data
Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
