On 03/02/2013 08:58 AM, Tom Eastep wrote: > On 03/02/2013 08:15 AM, Steven Jan Springl wrote: > >> Shorewall rules: >> >> DNAT wan lan tcp 80 >> >> DNAT wan lan:0.0.0.0/0 tcp 80 >> >> Both generate the following iptables rule: >> >> -A wan_dnat -p 136 -m multiport --dports 80 -j DNAT --to-destination >> 0.0.0.0/0 >> >> Which produce the following error message: >> >> iptables-restore v1.4.17: Bad IP address "0.0.0.0/0" >> >> Similarly with Shorewall6 rule: >> >> DNAT wan lan tcp 80 >> >> Generates ip6tables rule: >> >> -A PREROUTING -p 6 --dport 80 -i eth1 -j DNAT --to-destination [::/0] >> >> Which produces error message: >> >> ip6tables-restore v1.4.17: Bad IP address "::/0" >> > > The attached patch corrects this problem.
The last patch missed one case. Second patch attached. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index c04a3e6..924e80f 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -708,6 +708,7 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) {
fatal_error "Invalid or missing server IP address";
} else {
$server = $1 if $family == F_IPV6 && $server =~ /^\[(.+)\]$/;
+ fatal_error "Invalid server IP address ($server)" if $server eq ALLIP || $server eq NILIP;
my @servers = validate_address $server, 1;
$server = join ',', @servers;
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
