On 11/21/2012 08:54 AM, Steven Jan Springl wrote:
Tom
The attached config. generates the following iptables rule:
-A eth0_fwd -m conntrack --ctstate NEW,INVALID,UNTRACKED -j ~excl5
which produces the following error message:
iptables-restore v1.4.15: Couldn't load target `~excl5':No such file or
directory
Note, if OPTIMIZE=0 is specified, the error does not occur.
Steven,
I'm unable to reproduce this problem. Attached is the output of 'fgrep
excl firewall'.
a) How does it differ from yours?
b) Which Perl version are you running?
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
# Call this function to assert mutual exclusion with Shorewall. If you invoke
the
# /sbin/shorewall program while holding mutual exclusion, you should pass
"nolock" as
# Call this function to release mutual exclusion
:~excl0 - [0:0]
:~excl1 - [0:0]
:~excl2 - [0:0]
-A PREROUTING -d 1.1.1.0/24 -i eth0 -j ~excl0
-A lan_ctrk -s 6.6.6.0/24 -d 1.2.3.4 -j ~excl1 -m comment --comment "conntrack
rules"
-A lan_ctrk -s 7.7.0.0/24 -d 1.2.3.4 -j ~excl2 -m comment --comment "conntrack
rules"
-A ~excl0 -d 1.1.1.1 -j RETURN
-A ~excl0 -j RAWDNAT --to-dest 10.199.0.0/16
-A ~excl1 -s 6.6.6.6 -j RETURN -m comment --comment "conntrack rules"
-A ~excl1 -j CT --notrack -m comment --comment "conntrack rules"
-A ~excl2 -s 7.7.7.7 -j RETURN -m comment --comment "conntrack rules"
-A ~excl2 -j CT --notrack -m comment --comment "conntrack rules"
:~excl10 - [0:0]
:~excl11 - [0:0]
:~excl14 - [0:0]
:~excl15 - [0:0]
:~excl16 - [0:0]
:~excl17 - [0:0]
:~excl18 - [0:0]
:~excl20 - [0:0]
:~excl23 - [0:0]
:~excl24 - [0:0]
:~excl6 - [0:0]
:~excl9 - [0:0]
-A dmz_frwd -d 9.9.9.0/9 -o eth3 -j ~excl17
-A eth0_fwd -m conntrack --ctstate NEW,INVALID,UNTRACKED -j ~excl6
-A eth0_fwd -d 9.9.9.0/9 -o eth3 -j ~excl17
-A eth0_fwd -j ~excl10
-A eth0_in -m conntrack --ctstate NEW,INVALID,UNTRACKED -j ~excl6
-A eth0_in -j ~excl9
-A eth0_out -j ~excl11
-A eth3_fwd -s 9.9.9.0/9 -j ~excl24
-A eth3_in -s 9.9.9.0/9 -j ~excl23
-A eth3_out -d 9.9.9.0/9 -j ~excl18
-A eth3_out -d 255.255.255.255 -j ~excl18
-A eth4_fwd -s 9.9.8.0/9 -j ~excl16
-A eth4_in -s 9.9.8.0/9 -j ~excl15
-A eth4_out -d 9.9.8.0/9 -j ~excl14
-A eth4_out -d 255.255.255.255 -j ~excl14
-A eth5_fwd -s 9.9.9.0/9 -j ~excl20
-A eth5_in -s 9.9.9.0/9 -j ~excl23
-A eth5_out -d 9.9.9.0/9 -j ~excl18
-A eth5_out -d 255.255.255.255 -j ~excl18
-A wan_frwd -o eth0 -j ~excl11
-A wan_frwd -d 9.9.9.0/9 -o eth3 -j ~excl17
-A ~excl10 -s 1.1.1.1 -j RETURN
-A ~excl10 -g wan_frwd
-A ~excl11 -d 1.1.1.1 -j RETURN
-A ~excl11 -j ACCEPT
-A ~excl14 -d 9.9.8.8 -j RETURN
-A ~excl14 -d 9.9.8.0/24 -j RETURN
-A ~excl14 -j ACCEPT
-A ~excl15 -s 9.9.8.8 -j RETURN
-A ~excl15 -s 9.9.8.0/24 -j RETURN
-A ~excl15 -g all2all
-A ~excl16 -s 9.9.8.8 -j RETURN
-A ~excl16 -s 9.9.8.0/24 -j RETURN
-A ~excl16 -d 9.9.9.0/9 -o eth3 -j ~excl17
-A ~excl16 -d 224.0.0.0/4 -o eth3 -j all2all
-A ~excl17 -d 9.9.9.9 -j RETURN
-A ~excl17 -d 9.9.9.0/24 -j RETURN
-A ~excl17 -g all2all
-A ~excl18 -d 9.9.9.9 -j RETURN
-A ~excl18 -d 9.9.9.0/24 -j RETURN
-A ~excl18 -j ACCEPT
-A ~excl20 -s 9.9.9.9 -j RETURN
-A ~excl20 -s 9.9.9.0/24 -j RETURN
-A ~excl20 -d 9.9.9.0/9 -o eth3 -j ~excl17
-A ~excl20 -d 224.0.0.0/4 -o eth3 -j all2all
-A ~excl23 -s 9.9.9.9 -j RETURN
-A ~excl23 -s 9.9.9.0/24 -j RETURN
-A ~excl23 -g all2all
-A ~excl24 -s 9.9.9.9 -j RETURN
-A ~excl24 -s 9.9.9.0/24 -j RETURN
-A ~excl24 -d 9.9.9.0/9 -o eth5 -j ~excl17
-A ~excl24 -d 224.0.0.0/4 -o eth5 -j all2all
-A ~excl6 -s 1.1.1.1 -j RETURN
-A ~excl6 -g smurfs
-A ~excl9 -s 1.1.1.1 -j RETURN
-A ~excl9 -g all2all
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
