On Wednesday 28 Dec 2011 22:00:26 Tom Eastep wrote: > On Wed, 2011-12-28 at 20:13 +0000, Steven Jan Springl wrote: > > If tcrules contains the following entry: > > > > 1:130:P 10.1.1.0/24 eth0 > > > > shorewall debug start produces the following messages: > > > > iptables: Invalid argument. Run `dmesg' for more information. > > > > ERROR: Command "/usr/local/sbin/iptables -A PREROUTING -s 10.1.1.0/24 -d > > 192.168.0.0/24 -j CLASSIFY --set-class 1:130" Failed > > > > dmesg produces the following message: > > > > [ 2927.689744] x_tables: ip_tables: CLASSIFY target: used from hooks > > PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING > > Okay -- I'll eliminate the 'P' choice from the code and documentation. > > Thanks, Steven > > -Tom > > PS -- please let me know when you have finished RC2 testing.
Tom I have done some further testing of ':P' and ':F' and have found that: ':F' produces an iptables error if DEST is fw. ':P' produces an iptables error if DEST is fw. ':P' produces an iptables error if SOURCE is not fw. Steven. ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
