On Dec 28, 2011, at 2:46 PM, Steven Jan Springl wrote: > On Wednesday 28 Dec 2011 22:00:26 Tom Eastep wrote: >> On Wed, 2011-12-28 at 20:13 +0000, Steven Jan Springl wrote: >>> If tcrules contains the following entry: >>> >>> 1:130:P 10.1.1.0/24 eth0 >>> >>> shorewall debug start produces the following messages: >>> >>> iptables: Invalid argument. Run `dmesg' for more information. >>> >>> ERROR: Command "/usr/local/sbin/iptables -A PREROUTING -s 10.1.1.0/24 -d >>> 192.168.0.0/24 -j CLASSIFY --set-class 1:130" Failed >>> >>> dmesg produces the following message: >>> >>> [ 2927.689744] x_tables: ip_tables: CLASSIFY target: used from hooks >>> PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING >> >> Okay -- I'll eliminate the 'P' choice from the code and documentation. >> >> Thanks, Steven >> >> -Tom >> >> PS -- please let me know when you have finished RC2 testing. > > Tom > > I have done some further testing of ':P' and ':F' and have found that: > > ':F' produces an iptables error if DEST is fw. > > ':P' produces an iptables error if DEST is fw. > > ':P' produces an iptables error if SOURCE is not fw.
Steven, I'll look at this in the morning. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
